Restore Default Ubuntu Groups. July 2, 2007
Posted by ccollins in Linux, Open Source, Ubuntu.trackback
While this affected me on Ubuntu, I guess it’s possible that other Linux distros will also be affected. Though the incorrect use of usermod, I managed to screw up my groups configuration leaving me without sudo or su ability, which is obviously important on Ubuntu to make system configuration changes. Read on for the whole story of how I recovered, and restored correct groups again.
One of the libraries I’m using required me to be a member of the uucp group for it to work, so off I went and read the manpage of usermod so I could add myself to that group. Two shakes of a lambs tail later I had issued a:
sudo usermod -G uucp ccollins
This was quite effective at adding me to the uucp group, but had the unfortunate side effect of removing me from all the other groups I was a member of. To top it all off, not being a member of admin anymore, I could no longer use sudo or su, and was effectively unable to recover.
What I should have done, was issue usermod as:
sudo usermod -a -G uucp ccollins
This would have the effect of appending the group to my list, rather than replacing.
So, to recover I had to use the Ubuntu live CD. I booted Ubuntu from the live CD and when I logged in I was able to mount my root partition (/). Once this was done, I could manually edit the /etc/group file and add myself to the admin group. A quick reboot later and I was able to use sudo and su again, and add myself to all the other groups I’d lost.
sudo usermod -G ccollins,adm,uucp,dialout,cdrom, \ floppy,audio,dip,video,plugdev,scanner,netdev, \ lpadmin,powerdev,admin ccollins sudo usermod -g ccollins ccollins
This restored my group memberships, and restored my initial group to ccollins. All I needed to do now, was log out and log in.
Woohoo. This was a lifesaver!
[...] Important, make sure the -a switch is used, otherwise the user kamil will be a member of the audio group only! If that happens you will have to restore the original group permissions as discussed by ccollins in this post. [...]
Thanx a lot!! It was difficult for me to remmeber what was the fu@%! problem. Later on I realized that I missunderstand the usermod shit just like you.
Maybe the activation of the root login isn’t a bad idea after all.
Aknowledges from México.
Wow! Your quick little note was a life saver for me too.
I was trying out some Ubuntu admin stuff and wrongly used the usermod command “exactly” like you did. But, I did so because the book I was referring to told me to do so!! (WTF!! I know!)
Anyway, once that was done, I reboot the system into recovery mode (single user mode through Grub) and added a root passwd. So, then on I could use “su -” to become root, but, otherwise I felt pretty helpless since I couldn’t work with sudo.
I am now going to restore my admin privileges as per your note and hopefully things will work well.
Thanks for encountering the problem, finding the solution, and most improtantly posting it for public use. Great job.
Dude, Duuuuuude!!! thanks alot man,this helped me alot, and i learned something new in the process. Thanks for sharing it ;)
This is a complete lifesaver. A few things that would’ve saved me quite a bit of time:
* if the user calling “$ sudo …” isn’t in the group admin, the command won’t execute but the user won’t be notified. You have to use $ su and log in as root.
* the changes take effect as soon the user whose groups are changed logs in the next time. A reboot isn’t necessary!
thank you! I’ve done that mistake with usermod too!
Another thanks over here… you fixed me!
you have no idea how much this just helped. Thank you so much!
Thanx. It’s the clearest explanation I’ve found.
And it’s really helped
Wow! Thank you for this. I had completely forgotten and it was driving me nuts as the CLI kept spitting back error reports with Usage instructions…. of which were not very helpful. But this post was.
A quick note at the risk of sounding pretentious, it’s best to experiment your system administration tasks on guest accounts or accounts that wouldn’t affect you if you messed them up. I’ve been toying with a bunch of advanced configuration lately, like everyone here… but when I do I make absolutely sure I’m playing with the guest account.
Cheers
Hi Patrick,
That’s true. When it comes to Linux and Unix type systems, it pays to be paranoid :-)
-Chris
Jason over at Ubuntu Forums suggests an even easier fix for messed up groups. Reboot into the recovery console and execute “adduser YOUR_USERNAME_HERE admin”. That gets you back on the admin group, and allows you to recover your other groups also.
Full post is here:
http://ubuntuforums.org/showpost.php?p=4273283&postcount=2
Great tip, here. Thanks.
I should add that not having a “root” in Ubuntu really floored me. Fortunately, I have physical access to the machine, other wise my omission of the -a would have been a catastrophe.
Live and learn.
Just to say as Oggle did – you don’t have any idea how much that helped me! Thanks a thousand times!
It saved my bacon, and it was EXACTLY the same thing, but my evil group was sbox.
Thank you.
Same problem here, this article was a life saver. Perhaps the man pages should include some kind of warning, as this seems to happen a lot.
Thanks.
Many thanks – I messed up in exactly the same way. Very handy to have a list of default group memberships out there.
Unreal. U saved my life! I was studying for LPI and the text book told me to run the command: sudo usermod -G sales bob. Next time I booted up I couldn’t log in, system couldn’t find my home folder, I couldn’t access my home folder, all thiseven though I still owned it. Nightmare.
I think I love you.
lol
If you don’t have a live CD your can edit the grub menu line : add “init=/bin/bash” and boot.
You then have access to a bash terminal with no need for password or root right.
You must remount your partition with write rights:
mount -o remount,rw /
then edit /etc/group to add sudo right to your user.
reboot and you are done
Great!
There is a quick solution w/o having to boot from a live CD.
But a requirement is that you must have an existing webmin installed. I don’t know that this will going to everyone but at least it works for me. The reason why I said this because I am currently logged at the webmin web interface. I don’t know if you can still log in at the webmin once you messed with your admin group.
I am a user of Ubuntu for over a year but I still messed the admin group and still don’t know that the group is critical to the Ubuntu system. I deleted it via webmin, since I want to create a user admin for that purpose. Now when I go to the CLI to install software, the error says I am not belong to the sudoers file.
The thing is I am currently logged at the webmin interface. I simply re-created the group admin. I put my username on that group and try to access the synaptic again without error. I can now use the CLI and install programs.
Thanks a lot! Very helpful…
Thanks a lot!! It helped me too
You don’t actually need to use a live CD. When grub starts, hit escape to bring up the boot menu, and select ‘recovery mode’. When in recovery mode, select the option to drop to a root prompt. Then type in the command:
adduser <username> admin
where <username> is the account you want to add to the admin group.
Reboot, and you should be able to add yourself to other groups from a terminal on the desktop.
Thanks Jim,
The operations of the recovery console are not something I know a lot about. Thanks for the tip! You learn something new every day :-)
-Chris