I've lost sudo access and I don't really understand why
Chris Green
cl at isbd.net
Thu Mar 19 08:48:00 UTC 2020
On Thu, Mar 19, 2020 at 09:18:14AM +1100, Karl Auer wrote:
> On Wed, 2020-03-18 at 21:28 +0000, Chris Green wrote:
> > So (unless using the -a option) usermod removes group membership that
> > isn't specifically stated. Surely there's an easier way to add
> > oneself to an extra group.
>
> It's not that tricky - the -G option sets the list of groups the user
> should belong to. If you want to APPEND that list to the list of groups
> the user ALREADY belongs to, specify -a as well.
>
> Which is more dangerous - to permit a person with sudo access to lose
> it by mistake, or to permit a person who should not have access to
> certain groups to retain them by mistake? usermod says it's the former,
> and thus makes "don't append" the default.
>
It's unlikely IMHO that one would do 'usermod -G groupx fred' with the
explicit purpose of removing fred from all the other groups he's a
member of. In fact why would the admin person necessarily *know*
which groups fred should be a member of?
> Personally I almost always modify /etc/groups directly (i.e., with a
> text editor) unless the operation is scripted. It has never failed me
> in well over 30 years of Unixing.
>
Yes, so do I, but I decided to do it the 'right' way using usermod and
got bitten! :-)
> If it really worries you, set up an alias that does a group append for
> you.
>
No, I'll just go back to editing the file directly.
--
Chris Green
More information about the ubuntu-users
mailing list