Scenario / Questions
On ubuntu server, I’ve noticed more than once now that after adding a user to a group that user doesn’t have group permissions until I reboot the system. For example:
User ‘hudson’ needs permission to read directory ‘root:shadow /etc/shadow’
So I add hudson to the shadow group. hudson still cannot read. So, I ‘sudo shutdown -h -r now’ and when the system comes up again user hudson can read.
Is a reboot required or is there a better way to get permissions applied after adding the user to the group?
Find below all possible solutions or suggestions for the above questions..
I was looking for a solution, came across this post, and then later found one!
I’d thought I’d actually offer a solution so others can benefit. Logging in and out is so 1995.
So if you needed to get permissions for the
cdrom group you just added your user to:
So the steps would be:
#adduser my_user cdrom
I’ve confirmed that it works.
$groups check from the CLI shows the user is in the group. And a quick execution with needed privileges from that group works.
No need to kill your windows and login and logout! Hope that helps others!
Additional Information (based on jytou’s helpful comment): “[This] solution will work only for the current opened shell. If you have another shell open, you’ll need to use the same command to take the changes into account.”
When adding a user to a new group, the user must log out and log back in for it to take affect. While a reboot will accomplish that, it should not be required.
Adding a user to a group does not effect currently logged in users.
In the case of a daemon, you need to restart it for new groups to be applied.
Furthermore, restarting the daemon using an option in the daemon itself will not work as that will inherit the current environment.
The easiest way to get it to work is to fully stop the daemon and start it again, as in..
/etc/init.d/foo stop ; /etc/init.d/foo start
that is much more easiere, you can check your current access level by typing:
to reload your groups you just need:
su - $USER
after that check access level again:
and you will see new group is now active.
There’s a different failure mode which should also be addressed here.
If the admin updated
/etc/group but failed to update
/etc/gshadow (on systems which have this setup), logging out and back in will not actually assign you to the new group.
groups will show you the real, current situation, whereas
id will incorrectly print output which indicates that you are properly a member of the group.
tripleee@vbvntv$ groups tripleee tripleee@vbvntv$ id uid=1234(tripleee) gid=1234(tripleee) groups=1234(tripleee),4(adm) tripleee@vbvntv$ ls -l /var/log/mail.log -rw-r----- 1 root adm 15728 May 26 14:26 /var/log/mail.log tripleee@vbvntv$ tail /var/log/mail.log tail: cannot open `/var/log/mail.log' for reading: Permission denied
I can’t use
newgrp because it asks for a password, and I don’t have a password, only SSH public key authentication.
The solution would be for the admin to revert the manual edit of
/etc/groups and then do it again with
sudo gpasswd -a tripleee adm; or alternatively, to use
grpconv to merge the changes (which I picked up from https://serverfault.com/a/389719/98333)
Kubernetes Free Online Tutorial, Kubernetes Beginner Tutorial
DevOps Free Online Tutorial, DevOps Beginner Tutorial
Ansible Free Online Tutorial, Ansible Beginner Tutorial
Docker Free Online Tutorial, Docker Beginner Tutorial
Openstack Free Online Tutorial, Openstack Beginner Tutorial
Disclaimer: This has been sourced from a third party syndicated feed through internet. We are not responsibility or liability for its dependability, trustworthiness, reliability and data of the text. We reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.