23

I have one admin account and recently I have accidentally added myself to a single group (usermod -G without -a).

So, I am not in the sudoers file any more. However, it is not possible to log in to root by default on Ubuntu. Do I reset the password for root during the boot process?

Flyk
  • 1,480
m33lky
  • 873

1 Answers1

42

No need to reset root password (well, technically, Ubuntu's root does not even have a password). Do this:

  • Reboot your PC

  • In Grub's OS selection screen, choose "Ubuntu xxxx - recovery mode"

  • Now you have a console with root privileges. Add your user back to sudo group:

      usermod -a -G sudo youruser

The shell might reply that it cannot do it because the file system in mounted in read-only. To remount your fs in read-write: mount -o remount,rw /

  • That will be enough for sudo. But its suggested you also re-add yourself to other default administrative groups. You can reboot, logon normally and use GUI:

Menu > Administration > Users and Groups > Advanced Settings > User Privileges or Account Type (Change...) > Administrative

  • Or use this command:

      sudo usermod -a -G adm,cdrom,plugdev,lpadmin,sambashare youruser

Notes:

  • The sudo group used to be the admin group prior to Ubuntu 12.04. If you're on anything older, replace the group sudo with the group admin in the above commands.
  • Starting from Ubuntu 20.04, the fuse group does not exist anymore. It allowed regular users to access /dev/fuse using fusemount, i.e., to mount FUSE filesystems. But since Debian 8 /dev/fuse is already world-writeable by default.

Important Note: The default set of groups for what is considered an "Administrator" role changes over time, as some groups become obsolete or irrelevant (such as tape or floppy), are removed, renamed or re-organized, or are created in your system only when related packages are installed (sambashare, virtualbox, www_data). So in a few years adm, cdrom or lpadmin might not exist (that is, if they still do!).

Besides, some features that currently use groups for filesystem-based permissions might change to another access permission mechanism, such as udev, PAM, AppArmor, SELinux, etc.

So the only way to get an updated list of groups is... to check your current system! Create a new temporary Administrator user using the GUI, or do a fresh install in a VM, and see which groups the user is assigned to by default.

MestreLion
  • 20,086
  • That's what I figured out myself. Thanks anyways :) – m33lky Aug 31 '11 at 05:49
  • 2
    Glad you found out. And hope you didnt "reset" root's password while trying. In Ubuntu root is a disabled account (=no password), for a good reason. Keep it that way. You will still be able to use sudo, sudo su, recovery mode, etc. Disabling root's password only mean you can not login as root in a login shell, which is a very good security measure. – MestreLion Aug 31 '11 at 05:57
  • Hypothetically ... What if one had disabled GRUB recovery mode by uncommenting GRUB_DISABLE_RECOVERY="true" in /etc/default/grub. What would one do? – olfek May 26 '16 at 22:18
  • 1
    @sudoman: boot using a CD/USB live session, mount the original root partition, edit its /etc/default/grub(or directly the config files at /boot/grub) and update/reinstall grub. Basically the same procedures as if you had lost grub as the boot manager (when installing windows, for example) – MestreLion Jun 01 '16 at 10:05
  • On Mint 20, I get usermod: group 'fuse' does not exist, so I just left it out. – CoderGuy123 Apr 10 '21 at 13:11
  • @CoderGuy123 thanks for pointing that out! Did some research and added a note about it. – MestreLion Apr 10 '21 at 14:53