Skip to main content

Python interface to the Linux sudoers file

Project description


This library provides a Python interface to the Linux sudoers file. python-sudoers is open sourced under the BSD 3-Clause license.

CircleCI codecov


pysudoers still runs on Python 2.7, and Python >= 3.4


This library parses a sudoers file into its component parts. It's not 100% compliant with the EBNF format of the file (yet), but it's getting there. Currently, the script parses out 6 distinct line types from the file:

  • Defaults (This is only a string currently. Pieces of a Defaults setting are not parsed/separated.)
  • Cmnd_Alias
  • Host_Alias
  • Runas_Alias
  • User_Alias
  • User specifications (which we call rules)

As user specifications are the most complicated, they are most likely the area that needs the most improvement. Currently, the following pieces of a user specification are separated out as part of the parsing:

  • User list
  • Host list
  • Command list (containing): ** Tags ** Run As notations ** Commands


You can use pip to install pysudoers:

pip install pysudoers


Parsing of the sudoers file is done as part of initializing the Sudoers object. So, you can start using the properties under Sudoers immediately. The following example will print out all the different "types" from the file:

from pysudoers import Sudoers

sobj = Sudoers(path="tmp/sudoers")

for default in sobj.defaults:

for key in sobj.host_aliases:

for key in sobj.cmnd_aliases:

for key in sobj.runas_aliases:

for key in sobj.user_aliases:

for rule in sobj.rules:

Now, suppose you want to print out all the user specifications (rules), but you only want to see the users and hosts for each rule.

from pysudoers import Sudoers

sobj = Sudoers(path="tmp/sudoers")

for rule in sobj.rules:
    print("%s | %s" % (",".join(rule["users"]), ",".join(rule["hosts"])))


Pull requests to add functionality and fix bugs are always welcome. Please check the for specifics on contributions.


We try to have a high level of test coverage on the code. Therefore, when adding anything to the repo, tests should be written to test a new feature or to test a bug fix so that there won't be a regression. This library is setup to be pretty simple to build a working development environment using Docker. Therefore, it is suggested that you have Docker installed where you clone this repository to make development easier.

To start a development environment, you should be able to just run the script. This script will use the Dockerfile in this repository to build a Docker container with all the dependencies for development installed using Pipenv.


The first time you run the script, it should build the Docker image and then drop you into the container's shell. The directory where you cloned this repository should be volume mounted in to /usr/src, which should also be the current working directory. From there, you can make changes as you see fit. Tests can be run from the /usr/src directory by simply typing green as green has been setup to with the correct parameters.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for pysudoers, version 1.2.0
Filename, size File type Python version Upload date Hashes
Filename, size pysudoers-1.2.0-py3-none-any.whl (10.4 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size pysudoers-1.2.0.tar.gz (30.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page