[tweetmeme source=”gosub3000”]
While this affected me on Ubuntu, I guess it’s possible that other Linux distros will also be affected. Though the incorrect use of usermod, I managed to screw up my groups configuration leaving me without sudo or su ability, which is obviously important on Ubuntu to make system configuration changes. Read on for the whole story of how I recovered, and restored correct groups again.
One of the libraries I’m using required me to be a member of the uucp group for it to work, so off I went and read the manpage of usermod so I could add myself to that group. Two shakes of a lambs tail later I had issued a:
sudo usermod -G uucp ccollins
This was quite effective at adding me to the uucp group, but had the unfortunate side effect of removing me from all the other groups I was a member of. To top it all off, not being a member of admin anymore, I could no longer use sudo or su, and was effectively unable to recover.
What I should have done, was issue usermod as:
sudo usermod -a -G uucp ccollins
This would have the effect of appending the group to my list, rather than replacing.
So, to recover I had to use the Ubuntu live CD. I booted Ubuntu from the live CD and when I logged in I was able to mount my root partition (/). Once this was done, I could manually edit the /etc/group file and add myself to the admin group. A quick reboot later and I was able to use sudo and su again, and add myself to all the other groups I’d lost.
sudo usermod -G ccollins,adm,uucp,dialout,cdrom, \ floppy,audio,dip,video,plugdev,scanner,netdev, \ lpadmin,powerdev,admin ccollins sudo usermod -g ccollins ccollins
This restored my group memberships, and restored my initial group to ccollins. All I needed to do now, was log out and log in.
Chris Collins 
Woohoo. This was a lifesaver!
Pingback: Linux Blog - linux.dsplabs.com.au » Blog Archive » No volume control GStreamer ... found — no sound on Ubuntu
Thanx a lot!! It was difficult for me to remmeber what was the fu@%! problem. Later on I realized that I missunderstand the usermod shit just like you.
Maybe the activation of the root login isn’t a bad idea after all.
Aknowledges from México.
Wow! Your quick little note was a life saver for me too.
I was trying out some Ubuntu admin stuff and wrongly used the usermod command “exactly” like you did. But, I did so because the book I was referring to told me to do so!! (WTF!! I know!)
Anyway, once that was done, I reboot the system into recovery mode (single user mode through Grub) and added a root passwd. So, then on I could use “su -” to become root, but, otherwise I felt pretty helpless since I couldn’t work with sudo.
I am now going to restore my admin privileges as per your note and hopefully things will work well.
Thanks for encountering the problem, finding the solution, and most improtantly posting it for public use. Great job.
Dude, Duuuuuude!!! thanks alot man,this helped me alot, and i learned something new in the process. Thanks for sharing it ;)
This is a complete lifesaver. A few things that would’ve saved me quite a bit of time:
* if the user calling “$ sudo …” isn’t in the group admin, the command won’t execute but the user won’t be notified. You have to use $ su and log in as root.
* the changes take effect as soon the user whose groups are changed logs in the next time. A reboot isn’t necessary!
thank you! I’ve done that mistake with usermod too!
Another thanks over here… you fixed me!
you have no idea how much this just helped. Thank you so much!
Thanx. It’s the clearest explanation I’ve found.
And it’s really helped
Wow! Thank you for this. I had completely forgotten and it was driving me nuts as the CLI kept spitting back error reports with Usage instructions…. of which were not very helpful. But this post was.
A quick note at the risk of sounding pretentious, it’s best to experiment your system administration tasks on guest accounts or accounts that wouldn’t affect you if you messed them up. I’ve been toying with a bunch of advanced configuration lately, like everyone here… but when I do I make absolutely sure I’m playing with the guest account.
Cheers
I have installed the Ubuntu using Wubi. I do not have any Live CD/USB..
I boot into my Ubuntu via windows boot loader
which also doesn’t show me the recovery mode.
what should i do
@strongcofirul,
Sorry, I’m not all that familiar with Wubi installs.
Hi Patrick,
That’s true. When it comes to Linux and Unix type systems, it pays to be paranoid :-)
-Chris
Jason over at Ubuntu Forums suggests an even easier fix for messed up groups. Reboot into the recovery console and execute “adduser YOUR_USERNAME_HERE admin”. That gets you back on the admin group, and allows you to recover your other groups also.
Full post is here:
http://ubuntuforums.org/showpost.php?p=4273283&postcount=2
Great tip, here. Thanks.
I should add that not having a “root” in Ubuntu really floored me. Fortunately, I have physical access to the machine, other wise my omission of the -a would have been a catastrophe.
Live and learn.
Just to say as Oggle did – you don’t have any idea how much that helped me! Thanks a thousand times!
It saved my bacon, and it was EXACTLY the same thing, but my evil group was sbox.
Thank you.
Same problem here, this article was a life saver. Perhaps the man pages should include some kind of warning, as this seems to happen a lot.
Thanks.
Many thanks – I messed up in exactly the same way. Very handy to have a list of default group memberships out there.
Unreal. U saved my life! I was studying for LPI and the text book told me to run the command: sudo usermod -G sales bob. Next time I booted up I couldn’t log in, system couldn’t find my home folder, I couldn’t access my home folder, all thiseven though I still owned it. Nightmare.
I think I love you.
lol
If you don’t have a live CD your can edit the grub menu line : add “init=/bin/bash” and boot.
You then have access to a bash terminal with no need for password or root right.
You must remount your partition with write rights:
mount -o remount,rw /
then edit /etc/group to add sudo right to your user.
reboot and you are done
Great!
There is a quick solution w/o having to boot from a live CD.
But a requirement is that you must have an existing webmin installed. I don’t know that this will going to everyone but at least it works for me. The reason why I said this because I am currently logged at the webmin web interface. I don’t know if you can still log in at the webmin once you messed with your admin group.
I am a user of Ubuntu for over a year but I still messed the admin group and still don’t know that the group is critical to the Ubuntu system. I deleted it via webmin, since I want to create a user admin for that purpose. Now when I go to the CLI to install software, the error says I am not belong to the sudoers file.
The thing is I am currently logged at the webmin interface. I simply re-created the group admin. I put my username on that group and try to access the synaptic again without error. I can now use the CLI and install programs.
Thanks a lot! Very helpful…
Thanks a lot!! It helped me too
You don’t actually need to use a live CD. When grub starts, hit escape to bring up the boot menu, and select ‘recovery mode’. When in recovery mode, select the option to drop to a root prompt. Then type in the command:
adduser <username> admin
where <username> is the account you want to add to the admin group.
Reboot, and you should be able to add yourself to other groups from a terminal on the desktop.
Thanks Jim,
The operations of the recovery console are not something I know a lot about. Thanks for the tip! You learn something new every day :-)
-Chris
Thank you!
You are a star for taking the trouble to document this. Same problem. Had just about worked that I might have screwed things up with similar usermod. You saved me a lot of trouble about where to go next! :-)
I ran into the same problem by misunderstanding the use of usermod as you did.
But I googled and found out we could use recovery mode the regain __admin__ .
After doing that I found out I could do sudo/su again, but still missing the default groups that I should be in. I found out you solution, Oh, perfect!!
It seems to me a crazy default behaviour for Usermod. Why not -a (add) as default. Add a switch for the replace behaviour (-r)?
If not that at least warn the user that bad s#!t is about to happen and ask for confirmation.
So anyone can add themselves to the admin group just by running the Live CD and editing the /etc/group file? So basically if a user has access to the box they can make themselves admin? I don’t like the sound of that.
Thanks for this! It might help to add that there is actually a backup file of the groups you used to belong to before, so once you have added yourself to the sudoers group again, you can look up your old groups like this:
sudo grep /var/backups/group.bak
Then re-add yourself to the groups as described above. Thanks again! :)
Sorry, the editor deleted something. The command is:
sudo grep YOUR_USERNAME /var/backups/group.bak
Obviously replace YOUR_USERNAME with your own username.
Another saved guy.
Thanks for both tips !
The file /etc/group- is not the good backup in my case (see below comment).
When /var/backups/group.bak is the good one :)
Cheers fella,
Your a bloody life saver.
I would simply restore it from the backup file /etc/group- (notice trailing “-” ). It worked for me to restore my Ubuntu 11.10 server edition.
I would say inorder to prevent such things from happening set a root password by doing the following:
user@machine#sudo su
root@machine#passwd
Set the password here for the root user
If in future if anything gets screwed and you can’t sudo, you can
#su
to login as root
Cheers
Aravind
Thanks Aravind. Though I would advise against setting a blank superuser password, for obvious security reasons.
I didn’t advise to set blank superuser password. I simply suggested to set A superuser password because by default there is no root user in Ubuntu (atleast in UbuntuServer 11.10 the one I had issues with ). When you set the password it gets created.
@Aravind,
Apologies. I’ve just read your last comment properly now.
Sorry for shooting from the hip on a highly caffeinated day.
-Chris
Excellent. Thanks, you just saved me a lot of time and headache. Due to my own stupidity I removed myself from admin group. Your solution above saved the day, and I learned quite a few things in the process.
If you don’t mind, I’m going to blog about this subject as well, and add you as a reference.
Pingback: Restore lost admin group membership « Ubuntu Technical
ROFL, I did almost the same: :)
sudo usermod -G audio jakob
Thank you very much. I goofed up my groups exactly the same way. Your post helped a lot!
@zchroeder, we live and learn. Many thanks.
Pingback: What are the default groups assigned to the first user in Ubuntu Server? [closed] - Just just easy answers