Hi All, I'm running ubuntu (brezzy), and I just shot myself in the foot.... I went to add my username to a new group, but forgot to include the other groups that I belong to in the command. The command I used was 'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change. Thanks, -Chuck
On Wed, May 10, 2006 at 10:24:22AM -0400, Chuck Noyes wrote:
'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change.
/etc/group- should be a backup. Also, you need to restore /etc/gshadow-. I would save a copy of the current files: cp /etc/group /etc/group.SAVE cp /etc/gshadow /etc/gshadow.SAVE Then restore the backups: cp /etc/group- /etc/group cp /etc/gshadow- /etc/gshadow You can check the files for correctness: grpck (likewise with passwd, shadow, pwck)
Unfortunately, I don't have write access to /etc and I don't have read access to /etc/gshadow. cp /etc/group /etc/group.SAVE cp: cannot create regular file `/etc/group.SAVE': Permission denied cat /etc/gshadow cat: /etc/gshadow: Permission denied Chuck Anderson wrote:
On Wed, May 10, 2006 at 10:24:22AM -0400, Chuck Noyes wrote:
'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change.
/etc/group- should be a backup. Also, you need to restore /etc/gshadow-. I would save a copy of the current files:
cp /etc/group /etc/group.SAVE cp /etc/gshadow /etc/gshadow.SAVE
Then restore the backups:
cp /etc/group- /etc/group cp /etc/gshadow- /etc/gshadow
You can check the files for correctness:
grpck
(likewise with passwd, shadow, pwck) _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
sudo :) On 5/10/06, Chuck Noyes <vze284qe@verizon.net> wrote:
Unfortunately, I don't have write access to /etc and I don't have read access to /etc/gshadow.
cp /etc/group /etc/group.SAVE cp: cannot create regular file `/etc/group.SAVE': Permission denied
cat /etc/gshadow cat: /etc/gshadow: Permission denied
Chuck Anderson wrote:
On Wed, May 10, 2006 at 10:24:22AM -0400, Chuck Noyes wrote:
'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change.
/etc/group- should be a backup. Also, you need to restore /etc/gshadow-. I would save a copy of the current files:
cp /etc/group /etc/group.SAVE cp /etc/gshadow /etc/gshadow.SAVE
Then restore the backups:
cp /etc/group- /etc/group cp /etc/gshadow- /etc/gshadow
You can check the files for correctness:
grpck
(likewise with passwd, shadow, pwck) _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
sounds like a liveCD would make short work of this. Boot liveCD, mount / somewhere, re-edit your /somewhere/etc/group file --- Jared Greenwald <greenwaldjared@gmail.com> wrote:
sudo :)
On 5/10/06, Chuck Noyes <vze284qe@verizon.net> wrote:
Unfortunately, I don't have write access to /etc and I don't have read access to /etc/gshadow.
cp /etc/group /etc/group.SAVE cp: cannot create regular file `/etc/group.SAVE': Permission denied
cat /etc/gshadow cat: /etc/gshadow: Permission denied
Chuck Anderson wrote:
On Wed, May 10, 2006 at 10:24:22AM -0400, Chuck Noyes wrote:
'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change.
/etc/group- should be a backup. Also, you need to restore /etc/gshadow-. I would save a copy of the current files:
cp /etc/group /etc/group.SAVE cp /etc/gshadow /etc/gshadow.SAVE
Then restore the backups:
cp /etc/group- /etc/group cp /etc/gshadow- /etc/gshadow
You can check the files for correctness:
grpck
(likewise with passwd, shadow, pwck) _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
That fixed it! I booted a live beta copy of "Dapper" and mounted my / partition and proceeded to follow Chuck's advice. Now all is well. Thanks guys!!! BTW: the "usermod" command does seem a bit awkward. If I'm a member of "n" groups and I want to join another group, I have to specify ALL "n" groups plus the new group. As Jamie mentioned, there is a "groupmod" command, but in Ubuntu, it really doesn't do what I want. From the man page: The groupmod command modifies the system account files to reflect the changes that are specified on the command line. The options which apply to the groupmod command are -g gid The numerical value of the group’s ID. This value must be unique, unless the -o option is used. The value must be non-negative. Values between 0 and 99 are typically reserved for system groups. Any files which the old group ID is the file group ID must have the file group ID changed manually. -n group_name The name of the group will be changed from group to group_name. And "groupadd" just creates a new group. Mike Leo wrote:
sounds like a liveCD would make short work of this.
Boot liveCD, mount / somewhere, re-edit your /somewhere/etc/group file
--- Jared Greenwald <greenwaldjared@gmail.com> wrote:
sudo :)
On 5/10/06, Chuck Noyes <vze284qe@verizon.net> wrote:
Unfortunately, I don't have write access to /etc and I don't have read access to /etc/gshadow.
cp /etc/group /etc/group.SAVE cp: cannot create regular file `/etc/group.SAVE': Permission denied
cat /etc/gshadow cat: /etc/gshadow: Permission denied
Chuck Anderson wrote:
On Wed, May 10, 2006 at 10:24:22AM -0400, Chuck Noyes wrote:
'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group. Is there a way undo what I did? I do have a copy of /etc/group before the change.
/etc/group- should be a backup. Also, you need to restore /etc/gshadow-. I would save a copy of the current files:
cp /etc/group /etc/group.SAVE cp /etc/gshadow /etc/gshadow.SAVE
Then restore the backups:
cp /etc/group- /etc/group cp /etc/gshadow- /etc/gshadow
You can check the files for correctness:
grpck
(likewise with passwd, shadow, pwck) _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
On Wed, 10 May 2006, Chuck Noyes wrote:
Hi All,
I'm running ubuntu (brezzy), and I just shot myself in the foot....
I went to add my username to a new group, but forgot to include the other groups that I belong to in the command. The command I used was 'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group.
If its a personal system, I live dangerously, $ su # $EDITOR /etc/group :) But what really struck me was "Wow, what a horrible interface! You actually have to specify the full list of groups the user already belongs to, _plus_ the new group?!". Looking around my SuSE 9.x desktop at work, I found this (which does exactly what you were after), [sudo] groupmod -A <user> <group> On SuSE (9.x anyway) groupmod is part of the pwdutils package. But on gentoo, which I run everywhere else, groupmod is part of the shadow package, and it has a more limited set of options, _not_ including "-A". Although usermod in gentoo/shadow has a "-a" option to prevent it from deleting you from the other groups. Sigh... I'm sticking with $EDITOR. -Jamie
On Wed, May 10, 2006 at 02:20:29PM -0400, Jamie Guinan wrote:
But what really struck me was "Wow, what a horrible interface! You actually have to specify the full list of groups the user already belongs to, _plus_ the new group?!".
Not Fedora's usermod: usermod(8) -G, --groups GROUP1[,GROUP2,...[,GROUPN]]] A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via -a option, which appends user to the current supplementary group list.
On Wed, 10 May 2006, Chuck Anderson wrote:
On Wed, May 10, 2006 at 02:20:29PM -0400, Jamie Guinan wrote:
But what really struck me was "Wow, what a horrible interface! You actually have to specify the full list of groups the user already belongs to, _plus_ the new group?!".
Not Fedora's usermod:
usermod(8)
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]] A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via -a option, which appends user to the current supplementary group list.
If I understand this correctly, the default behavior is that you're removed from every group _not_ listed, unless you notice the part about "-a". Seems backwards, I'd much rather have append by default, with a "-d" to delete from not-listed groups. I think its much more likely that I'm a member of 10 groups and I wanted to be added to an 11th, rather than add me to a single group and bump me from the 10 I'm already in. I'm sure there's plenty of admin scripts that depend on the current behavior, though. -Jamie
Hello Chuck, Another thing you can do is to pass init=/bin/bash to the kernel via grub at boot time. / will be mounted ro; remount it and /tmp rw and then edit /etc/group (vi /etc/group, vigroup (sp?), or use usermod by mounting /usr as well). This is why it is a good idea to use grub passwords on public machines ;-). -Adam On May 10, 2006, at 10:24 AM, Chuck Noyes wrote:
Hi All,
I'm running ubuntu (brezzy), and I just shot myself in the foot....
I went to add my username to a new group, but forgot to include the other groups that I belong to in the command. The command I used was 'sudo usermod -G <new-group> <my-username>'. Now I only belong to <new-group>. That removed my username from the other groups I belonged to, including the admin group.
Is there a way undo what I did? I do have a copy of /etc/group before the change.
Thanks, -Chuck _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (6)
-
Adam Keck -
Chuck Anderson -
Chuck Noyes -
Jamie Guinan -
Jared Greenwald -
Mike Leo