How could I list all super users?

If you just need to list the sudoers listed in the sudo group, I think that the best way to do it would be to run this command (which should be computationally lighter than any of the other commands in this answer):

grep -Po '^sudo.+:\K.*$' /etc/group

Also as suggested in the comments by muru, the format of the entries in /etc/group can be easily handled by cut:

grep '^sudo:.*$' /etc/group | cut -d: -f4

Also again as suggested in the comments by muru, one can use getent in place of grep:

getent group sudo | cut -d: -f4

Any of these commands will print all the users listed in the sudo group in /etc/group (if any).

Command #1 breakdown:

• grep: Prints all the lines matching a regex in a file
• -P: makes grep match Perl-style regexes
• o: makes grep print only the matched string
• '^sudo.+:\K.*$': makes grep match the regex between the quotes

Regex #1 breakdown:

• Any character or group of characters not listed matches the character or the group of characters itself
• ^: start of line
• .+: one or more characters
• \K: discard the previous match
• .*: zero or more characters
• $: end of line

Command #2 breakdown:

• grep: Prints all the lines matching a regex in a file
• '^sudo.+:\K.*$': makes grep match the regex between the quotes
• cut: Prints only a specified section of each line in a file
• -d:: makes cut interpret : as a field delimiter
• -f4: makes cut print only the fourth field

Regex #2 breakdown:

• Any character or group of characters not listed matches the character or the group of characters itself
• ^: start of line
• .*: zero or more characters
• $: end of line

As it stated here I consider the simpliest way to discover with -l & -U options together, just type users it will list e.g.: John then:

If the user has sudo access, it will print the level of sudo access for that particular user:

  sudo -l -U John
  User John may run the following commands on this host:
     (ALL : ALL) ALL

If the user don't have sudo access, it will print that a user is not allowed to run sudo on localhost:

   sudo -l -U John
   User John is not allowed to run sudo on localhost.

Expanding on the sudo -l -U test, one can use getent passwd to determine the users who can use sudo. Using getent allows us to access users who may not be present in the passwd file, such as LDAP users:

getent passwd | cut -f1 -d: | sudo xargs -L1 sudo -l -U | grep -v 'not allowed'

sudo -U does not return a non-zero exit value that we could take advantage of, so we are reduced to grepping the output.

As it has already been stated, the answer can be found on Unix & Linux Stack Exchange:

This shows that user "saml" is a member of the wheel group.

$ getent group wheel
wheel:x:10:saml

The only difference is that the group in Ubuntu is not wheel, but sudo (or admin in older versions of Ubuntu). So the command becomes:

getent group sudo

Command:

cat /etc/group | grep sudo

Output:

sudo:x:27:Tom,Stacy

Tom, Stacy are the users with sudo privileges.

On most Unix-like systems, that have the sudo command, and have a sudo configuration file; running visudo as root:

:~$ sudo bash

or

:~$ su

:~# visudo

will allow an administrator to inspect and amend the privileges of groups that can use the sudo command.

On Debian based Unix-like systems, like Ubuntu, the groups 4 and 27 generally have access rights to the sudo privileges.

Group 4 is the administrator group (adm) and group 27 is the sudo gid.

To see what users are currently assigned to these groups cat the /etc/group file as shown below:

:~$ cat /etc/group

A sample output, on Ubuntu (but not Redhat based, Oracle Solaris/Solaris based, or BSD based systems) would yield this:

adm:x:4:youruser
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9: 
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:youruser,mybrother
floppy:x:25:
tape:x:26:
sudo:x:27:youruser,mybrother

As we can tell, youruser is the administrator of the system, and member of group 4 (adm). But youruser and mybrother are both members of group 27, which is the gid (group identification) number of group sudo. So mybrother can also attain root privileges (super user).

Many linux systems like Fedora and Slackware, incorporate the wheel group gid=10. Which allows administrator privileges when the sudo command is applied. On BSD based systems (e.g. FreeBSD), the root user is a member of the wheel group which is gid 0.

Also by using the id command any user can find the group information of another known user to the system.

For Example:

:~$ id mybrother

Sample output

uid=1001(mybrother) gid=1001(mybrother) groups=1001(mybrother),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)

This command returns a list of users with sudo rights:

awk -F ":" '{ system("groups " $1 " | grep -P \"[[:space:]]sudo([[:space:]]|$)\"") }' /etc/passwd

Output is (e.g.):

<username> : <username> adm cdrom sudo dip plugdev lpadmin sambashare docker

If only the user name to be displayed, then this command:

awk -F ":" '{ system("groups " $1 " | grep -P \"[[:space:]]sudo([[:space:]]|$)\"") }' | awk -F ":" '{ print $1 }' /etc/passwd

I was stumped about how the vagrant user can use sudo even without being mentioned in /etc/sudoers nor in /etc/group nor found with getent.

Turns out sudo also reads entries from all files under /etc/sudoers.d/. So if you haven't looked through that directory, you may not realize how many users actually have sudo access.

This kind of sudo access can be detected by JoKeR's answer using sudo -l -U vagrant but is not detected by any of the other answers here which all rely on either getent or /etc/group.

Based on answers from @muru and @kos, but with some optimizations.

The getent group sudo command lists only users who have the sudo group. The rest of the commands test whether the user is actually capable of running as root. There are also other additions to improve the formatting of the output.

COMMAND

if [ -z $(getent group sudo) ]; then printf "\n >>>>>>>>>>> NO ENTRIES <<<<<<<<<<<\n\n"; 
else getent group sudo | 
sed 's/.*://' | 
sed 's/,/\n/g' | 
xargs -L1 sudo -l -U | 
grep -v 'not allowed' | 
sed 's/Matching Defaults entries/\n >>>>>>>>>>> CAN RUN COMMANDS AS ROOT >>>>>>>>>>>\n\nMatching Defaults entries/g' | 
sed '$a\\'; fi

OUTPUT

 >>>>>>>>>>> CAN RUN COMMANDS AS ROOT >>>>>>>>>>>

Matching Defaults entries for may_user_i on localhost:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User may_user_i may run the following commands on localhost:
    (ALL) ALL
    (ALL) ALL

 >>>>>>>>>>> CAN RUN COMMANDS AS ROOT >>>>>>>>>>>

Matching Defaults entries for may_user_ii on localhost:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User may_user_ii may run the following commands on localhost:
    (ALL) ALL

Thanks! =D

[Refs.: https://askubuntu.com/a/611607/134723 , https://askubuntu.com/a/611646/134723 , https://unix.stackexchange.com/a/136798/61742 , https://unix.stackexchange.com/a/26639/61742 ]