Lost my keys - not in sudoers anymore

9 risposte [Ultimo contenuto]
buildcomplete
Offline
Iscritto: 01/26/2015

Hello Freedom fighters!

I have just installed Trisquel and likes it.

But I have already f*cked up.
I have somehow managed to get me out of the sudoes group.

what I have done; was to add myself to the www-data group could this be related?
(sudo usermod christian -G www-data)

More importantly, how can i get myself back in the sudoers group??

SuperTramp83

I am a translator!

Offline
Iscritto: 10/31/2014

Never had that issue but I see someone posted the exact same question here and there are some answers. hope you can solve it
http://unix.stackexchange.com/questions/168881/fedora-how-can-i-add-myself-back-to-sudoers-file

welcome to the trisquel community!

buildcomplete
Offline
Iscritto: 01/26/2015

Thanks supertramp,

look like a good link, I will have a go

Legimet
Offline
Iscritto: 12/10/2013

According to the man page for usermod, this is what the -G option does.

If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the
user to the current supplementary group list.

If you had used the -a option, this wouldn't have happened. One way to fix it would be to boot from a live CD and chroot into your Trisquel partition.

buildcomplete
Offline
Iscritto: 01/26/2015

Hi Legimet,

it works!

seems we can learn a bit everyday...
That little -a is really important here...

Trying to modify the command line from grub promted me for root password... so that was a nogo.

so, as you suggested, I had to start from the livecd.

I modified the /etc/group by hand and added my user to the same groups that the trisquel user was in from the live cd.
but there are some of the groups i have no idea what the reason is for.

can someone verify that the groups i have added myself to are sane.

> cat /etc/group | grep christian
adm:x:4:syslog,christian
dialout:x:20:christian
cdrom:x:24:christian
floppy:x:25:christian
sudo:x:27:christian
audio:x:29:pulse,christian
dip:x:30:christian
www-data:x:33:christian
video:x:44:christian
plugdev:x:46:christian
users:x:100:christian
lpadmin:x:108:christian
christian:x:1000:
sambashare:x:120:christian

especially 'dip','adm' and 'dialout'

lembas
Offline
Iscritto: 05/13/2010

Hi and welcome! :)

Looks pretty good. Somebody who hasn't messed around with their groups could pop open a terminal and input

groups

to compare.

Magic Banana

I am a member!

I am a translator!

Offline
Iscritto: 07/24/2010

$ groups
my_username adm dialout cdrom floppy sudo audio dip video plugdev users lpadmin sambashare

"my_username" is, well, my user name. :-)

buildcomplete
Offline
Iscritto: 01/26/2015

thanks Magic Banana, it looks the groups are fine then :)

Magic Banana

I am a member!

I am a translator!

Offline
Iscritto: 07/24/2010

From almost any GNU/Linux distribution, you can boot an entry that says "recovery mode" and you will be presented a root terminal where you can fix anything... or break things more!

Unfortunately, Trisquel uselessly makes your system harder to repair: you have to fight to end up with a root terminal! You can, for instance, 'chroot' from a Live system: https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot

To have a "recovery mode" entry in GRUB, comment the following line in /etc/default/grub:
GRUB_DISABLE_RECOVERY="true"

Then execute:
$ sudo update-grub

To not have the useless GRUB password you faced, you can comment all lines in /etc/grub.d/01_PASSWORD and then run 'sudo update-grub'.

When I write that the GRUB password is useless, I am actually repeating what GRUB's developers state in their documentation ( https://www.gnu.org/software/grub/manual/grub.html#Security ):

By default, the boot loader interface is accessible to anyone with physical access to the console: anyone can select and edit any menu entry, and anyone can get direct access to a GRUB shell prompt. For most systems, this is reasonable since anyone with direct physical access has a variety of other ways to gain full access, and requiring authentication at the boot loader level would only serve to make it difficult to recover broken systems.

buildcomplete
Offline
Iscritto: 01/26/2015

Agreed, that is a stupid default...