When it comes to user permission even a system administrator sometimes gets confused. No matter what linux training or administration training courses one has had one mistake and sever management can become a hell. Same holds true even for a Linux user at home. One has to be extremely careful while changing the primary group of any existing user. If you do some research, you will find that several people accidentally locked themselves out of being able to sudo. In order to avoid these unnecessary headaches it is essential that you change primary group of a user in linux, correctly.
Record the Current State
Before you change primary group of a Linux user, make a note of the user's current status. Let us consider a user by the username "mackey". You can find this users current group memberships like this:
$ groups
$ mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin
The user mackey's primary group is "mackey". This is user is also associated with a bunch of other groups: adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin.
Note that adm, cdrom, sudo, dip, plugdev, sambashare, and lpadmin are all default secondary groups assigned to a user in Ubuntu 12.04 Precise Pangolin.
Change Primary Group of User
The command to use is "usermod". Below is the syntax of the command:
usermod - Modify a user account
Syntax:
usermod [-c comment] [-d home_dir [-m]] [-e expire_date] [-f inactive_days] [-g initial_group] [-G group [,...]] [-l login_name] [-p passwd] [-s shell] [-u uid [-o]] [-L|-U] user
Options:
-d home directory
-s starting program (shell)
-p password
-g (primary group assigned to the users)
-G (Other groups the user belongs to)
If you search the internet you may find that you can change the primary group using the following command:
sudo usermod -g NewPrimaryGroup mackey
As expected the above command would change mackey's primary group from "mackey" to "NewPrimaryGroup". However, all of this user's secondary group memberships will be gone, including "admin". This means that the user will henceforth be not able to use the "sudo" command to gain root access. This user will not be able to do any changes to the system (eg. install/remove softwares).
This, however, does not happen in all distributions. For example, in Ubuntu 12.04 Precise Pangolin "sudo usermod -g NewPrimaryGroup user" command assigns the new primary group to the user keeping all existing secondary groups. Yet, I like to change primary group the safe way, which puts control in my hand.
The safe way to change primary group of a Linux user is using this following command:
This command will first change the user mackey's primary group from "mackey" to "NewPrimaryGroup". Then it will assign the user "mackey" to the following secondary groups "mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin". This way mackey's primary group will be changed without affecting his other group memberships or losing his membership to his previous primary group "mackey".
If you change a user's primary group with just the "-g" option and all of his/her secondary group memberships are gone, then you can fix this by couple of different ways.
Method 1: If you had setup a "root" password previously (not normal in Ubuntu) you can login as "root" and then run the following command:
After running the above command, logout and login as the user (mackey in this case).
Method 2: If you did not setup a password for the user "root" then you cannot login as a root user. In this case, from grub menu boot into recovery and enter command line with root previleges. Then run the same command listed above:
Reboot and the user "mackey" should now have all the secondary groups restored. The primary group will be "NewPrimaryGroup".
If you simply want to add an existing user to a secondary group, retaining all his/her primary and secondary group memberships, then use the following command:
usermod -a -G NewSecondaryGroup user
The "-a" option means append to existing memberships.
There you go, now you can change primary group of users safely. Hope this helps.
Anand is a self-learned computer enthusiast, hopeless tinkerer (if it ain't broke, fix it), a part-time blogger, and a Scientist during the day. He has been blogging since 2010 on Linux, Ubuntu, Home/Media/File Servers, Smart Home Automation, and related HOW-TOs.
Deployarr 5 Released!
Automate Homelab Setup with Deployarr. (Launch Sale)
