Restore Default Ubuntu Groups.


While this affected me on Ubuntu, I guess it’s possible that other Linux distros will also be affected. Though the incorrect use of usermod, I managed to screw up my groups configuration leaving me without sudo or su ability, which is obviously important on Ubuntu to make system configuration changes. Read on for the whole story of how I recovered, and restored correct groups again.

One of the libraries I’m using required me to be a member of the uucp group for it to work, so off I went and read the manpage of usermod so I could add myself to that group. Two shakes of a lambs tail later I had issued a:

sudo usermod -G uucp ccollins

This was quite effective at adding me to the uucp group, but had the unfortunate side effect of removing me from all the other groups I was a member of. To top it all off, not being a member of admin anymore, I could no longer use sudo or su, and was effectively unable to recover.

What I should have done, was issue usermod as:

sudo usermod -a -G uucp ccollins

This would have the effect of appending the group to my list, rather than replacing.

So, to recover I had to use the Ubuntu live CD. I booted Ubuntu from the live CD and when I logged in I was able to mount my root partition (/). Once this was done, I could manually edit the /etc/group file and add myself to the admin group. A quick reboot later and I was able to use sudo and su again, and add myself to all the other groups I’d lost.

sudo usermod -G ccollins,adm,uucp,dialout,cdrom, \
floppy,audio,dip,video,plugdev,scanner,netdev, \
lpadmin,powerdev,admin ccollins

sudo usermod -g ccollins ccollins

This restored my group memberships, and restored my initial group to ccollins. All I needed to do now, was log out and log in.

AddThis Social Bookmark Button

About these ads

47 responses to “Restore Default Ubuntu Groups.”

  1. adamjcollege says :

    Woohoo. This was a lifesaver!

  2. Molgor says :

    Thanx a lot!! It was difficult for me to remmeber what was the fu@%! problem. Later on I realized that I missunderstand the usermod shit just like you.
    Maybe the activation of the root login isn’t a bad idea after all.

    Aknowledges from México.

  3. Mahesh says :

    Wow! Your quick little note was a life saver for me too.

    I was trying out some Ubuntu admin stuff and wrongly used the usermod command “exactly” like you did. But, I did so because the book I was referring to told me to do so!! (WTF!! I know!)

    Anyway, once that was done, I reboot the system into recovery mode (single user mode through Grub) and added a root passwd. So, then on I could use “su -” to become root, but, otherwise I felt pretty helpless since I couldn’t work with sudo.

    I am now going to restore my admin privileges as per your note and hopefully things will work well.

    Thanks for encountering the problem, finding the solution, and most improtantly posting it for public use. Great job.

  4. ghost says :

    Dude, Duuuuuude!!! thanks alot man,this helped me alot, and i learned something new in the process. Thanks for sharing it ;)

  5. bartman says :

    This is a complete lifesaver. A few things that would’ve saved me quite a bit of time:
    * if the user calling “$ sudo …” isn’t in the group admin, the command won’t execute but the user won’t be notified. You have to use $ su and log in as root.
    * the changes take effect as soon the user whose groups are changed logs in the next time. A reboot isn’t necessary!

  6. someone says :

    thank you! I’ve done that mistake with usermod too!

  7. Jman says :

    Another thanks over here… you fixed me!

  8. Oggle says :

    you have no idea how much this just helped. Thank you so much!

  9. Nomad says :

    Thanx. It’s the clearest explanation I’ve found.
    And it’s really helped

  10. Patrick says :

    Wow! Thank you for this. I had completely forgotten and it was driving me nuts as the CLI kept spitting back error reports with Usage instructions…. of which were not very helpful. But this post was.

    A quick note at the risk of sounding pretentious, it’s best to experiment your system administration tasks on guest accounts or accounts that wouldn’t affect you if you messed them up. I’ve been toying with a bunch of advanced configuration lately, like everyone here… but when I do I make absolutely sure I’m playing with the guest account.

    Cheers

    • strongcofirul says :

      I have installed the Ubuntu using Wubi. I do not have any Live CD/USB..

      I boot into my Ubuntu via windows boot loader

      which also doesn’t show me the recovery mode.

      what should i do

  11. ccollins says :

    Hi Patrick,
    That’s true. When it comes to Linux and Unix type systems, it pays to be paranoid :-)

    -Chris

  12. ccollins says :

    Jason over at Ubuntu Forums suggests an even easier fix for messed up groups. Reboot into the recovery console and execute “adduser YOUR_USERNAME_HERE admin”. That gets you back on the admin group, and allows you to recover your other groups also.

    Full post is here:

    http://ubuntuforums.org/showpost.php?p=4273283&postcount=2

  13. bblackmoor says :

    Great tip, here. Thanks.

  14. bblackmoor says :

    I should add that not having a “root” in Ubuntu really floored me. Fortunately, I have physical access to the machine, other wise my omission of the -a would have been a catastrophe.

    Live and learn.

  15. dirtycutmaster says :

    Just to say as Oggle did – you don’t have any idea how much that helped me! Thanks a thousand times!

  16. Ricky says :

    It saved my bacon, and it was EXACTLY the same thing, but my evil group was sbox.

    Thank you.

  17. Sektor says :

    Same problem here, this article was a life saver. Perhaps the man pages should include some kind of warning, as this seems to happen a lot.

    Thanks.

  18. Nic says :

    Many thanks – I messed up in exactly the same way. Very handy to have a list of default group memberships out there.

  19. ray says :

    Unreal. U saved my life! I was studying for LPI and the text book told me to run the command: sudo usermod -G sales bob. Next time I booted up I couldn’t log in, system couldn’t find my home folder, I couldn’t access my home folder, all thiseven though I still owned it. Nightmare.

    I think I love you.

    lol

  20. r says :

    If you don’t have a live CD your can edit the grub menu line : add “init=/bin/bash” and boot.
    You then have access to a bash terminal with no need for password or root right.
    You must remount your partition with write rights:
    mount -o remount,rw /
    then edit /etc/group to add sudo right to your user.
    reboot and you are done

  21. Thijs says :

    Great!

  22. Allan Registos says :

    There is a quick solution w/o having to boot from a live CD.
    But a requirement is that you must have an existing webmin installed. I don’t know that this will going to everyone but at least it works for me. The reason why I said this because I am currently logged at the webmin web interface. I don’t know if you can still log in at the webmin once you messed with your admin group.

    I am a user of Ubuntu for over a year but I still messed the admin group and still don’t know that the group is critical to the Ubuntu system. I deleted it via webmin, since I want to create a user admin for that purpose. Now when I go to the CLI to install software, the error says I am not belong to the sudoers file.

    The thing is I am currently logged at the webmin interface. I simply re-created the group admin. I put my username on that group and try to access the synaptic again without error. I can now use the CLI and install programs.

  23. Boris says :

    Thanks a lot! Very helpful…

  24. ganapathi says :

    Thanks a lot!! It helped me too

  25. Jim McLaren says :

    You don’t actually need to use a live CD. When grub starts, hit escape to bring up the boot menu, and select ‘recovery mode’. When in recovery mode, select the option to drop to a root prompt. Then type in the command:

    adduser <username> admin

    where <username> is the account you want to add to the admin group.

    Reboot, and you should be able to add yourself to other groups from a terminal on the desktop.

    • ccollins says :

      Thanks Jim,
      The operations of the recovery console are not something I know a lot about. Thanks for the tip! You learn something new every day :-)

      -Chris

  26. A User says :

    Thank you!
    You are a star for taking the trouble to document this. Same problem. Had just about worked that I might have screwed things up with similar usermod. You saved me a lot of trouble about where to go next! :-)

  27. Barry says :

    I ran into the same problem by misunderstanding the use of usermod as you did.
    But I googled and found out we could use recovery mode the regain __admin__ .
    After doing that I found out I could do sudo/su again, but still missing the default groups that I should be in. I found out you solution, Oh, perfect!!

  28. felix says :

    It seems to me a crazy default behaviour for Usermod. Why not -a (add) as default. Add a switch for the replace behaviour (-r)?
    If not that at least warn the user that bad s#!t is about to happen and ask for confirmation.

  29. Torta says :

    So anyone can add themselves to the admin group just by running the Live CD and editing the /etc/group file? So basically if a user has access to the box they can make themselves admin? I don’t like the sound of that.

  30. steps says :

    Thanks for this! It might help to add that there is actually a backup file of the groups you used to belong to before, so once you have added yourself to the sudoers group again, you can look up your old groups like this:

    sudo grep /var/backups/group.bak

    Then re-add yourself to the groups as described above. Thanks again! :)

    • steps says :

      Sorry, the editor deleted something. The command is:

      sudo grep YOUR_USERNAME /var/backups/group.bak

      Obviously replace YOUR_USERNAME with your own username.

      • Bobinours says :

        Another saved guy.
        Thanks for both tips !

        The file /etc/group- is not the good backup in my case (see below comment).
        When /var/backups/group.bak is the good one :)

  31. Andy says :

    Cheers fella,

    Your a bloody life saver.

  32. Aravind says :

    I would simply restore it from the backup file /etc/group- (notice trailing “-” ). It worked for me to restore my Ubuntu 11.10 server edition.

    I would say inorder to prevent such things from happening set a root password by doing the following:

    user@machine#sudo su
    root@machine#passwd

    Set the password here for the root user

    If in future if anything gets screwed and you can’t sudo, you can
    #su

    to login as root

    Cheers
    Aravind

    • ccollins says :

      Thanks Aravind. Though I would advise against setting a blank superuser password, for obvious security reasons.

      • Aravind says :

        I didn’t advise to set blank superuser password. I simply suggested to set A superuser password because by default there is no root user in Ubuntu (atleast in UbuntuServer 11.10 the one I had issues with ). When you set the password it gets created.

      • ccollins says :

        @Aravind,
        Apologies. I’ve just read your last comment properly now.

        Sorry for shooting from the hip on a highly caffeinated day.

        -Chris

  33. arzki says :

    Excellent. Thanks, you just saved me a lot of time and headache. Due to my own stupidity I removed myself from admin group. Your solution above saved the day, and I learned quite a few things in the process.
    If you don’t mind, I’m going to blog about this subject as well, and add you as a reference.

  34. Jakob says :

    ROFL, I did almost the same: :)

    sudo usermod -G audio jakob

  35. zchroeder says :

    Thank you very much. I goofed up my groups exactly the same way. Your post helped a lot!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 149 other followers

%d bloggers like this: