Saturday, June 30, 2007

If you find you lack the ability to sudo...

While trying to setup Subversion, I needed to add myself to the subversion group. What I ran was "sudo usermod -G subversion sam". That was bad. Not, oh there is no more milk kind of bad. Bad like you just ran over a family member sort of bad. A section of the usermod man page will explain:

-G groups Supplementary groups given by name or number in a comma-separated list with no whitespace. The user will be removed from any groups to which they currently belong that are not included in groups.

Notice that second sentence? I didn't. I continued on my merry way until I needed to sudo. I ran sudo, and nothing happened. No error. Nothing. Being the only user on the system, I frantically tried to reverse the situation, since I would be able to do little of import without this. In the end, I found a related tutorial that let me fix it. The steps:
  • Restart the computer, and be at the console.
  • Press Esc when GRUB comes up.
  • Hover over the latest kernel (what you would normally boot) and press e (to edit it).
  • Go down to the line starting with "kernel /boot/vmlinuz" and press e.
  • At the end of that line, press space and then type "single".
  • Press b to boot into that kernel.
  • Once the system loads, you will be in single user mode, as root.
Of course, as root, you can change your password, your normal user's password, or (as in my case), add yourself back to the admin group.

After you login, you will be able to sudo, but you may notice some other tasks not working. In my case, I was unable to play any music or video files. I was baffled. I checked the permissions, they seemed fine. It turns out there are a lot of groups your user is put in by default, e.g. audio, cdrom, etc, which let you do things like that. If you use Gnome, go to System, Administration, Users and Groups. Find your user, view Properties, and then User Privileges. Check all those boxes, and all should be fine. Alternatively, you could make a new user and run id on it, comparing their groups to yours. This would work on default installs, without any custom user creation scripts.

As a side note, this method creates an extreme security flaw in certain systems. It is possible to turn off interactive GRUB editing if desired. For personal systems without sensitive data, it is best to leave it on, for eventualities like the one I encountered.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home