I wrote a quick script called test-sudoers.py which reads a sudoers file and can answer questions like “what commands can a particular user run on a particular host?” and “can a particular user run a command?”. The latter is particularly useful because using return codes that can be scripted and allow certain actions based on whether they can run a specific command.
Its also very useful if you are writing a massive sudoers file (as I manage at my current job) and need tools to probe and prod it before rolling it out.
UPDATE 9/1/2009: v0.2 online which features support for netgroups. If you have installed my libnss netgroup bindings then you can perform netgroup based lookups using test-sudoers