24

I have one admin account and recently I have accidentally added myself to a single group (usermod -G without -a).

So, I am not in the sudoers file any more. However, it is not possible to log in to root by default on Ubuntu. Do I reset the password for root during the boot process?

Flyk
  • 1,480
  • 3
  • 18
  • 24
m33lky
  • 893

1 Answers1

42

No need to reset root password (well, technically, Ubuntu's root does not even have a password). Do this:

  • Reboot your PC

  • In Grub's OS selection screen, choose "Ubuntu xxxx - recovery mode"

  • Now you have a console with root privileges. Add your user back to sudo group:

      usermod -a -G sudo youruser

The shell might reply that it cannot do it because the file system in mounted in read-only. To remount your fs in read-write: mount -o remount,rw /

  • That will be enough for sudo. But its suggested you also re-add yourself to other default administrative groups. You can reboot, logon normally and use GUI:

Menu > Administration > Users and Groups > Advanced Settings > User Privileges or Account Type (Change...) > Administrative

  • Or use this command:

      sudo usermod -a -G adm,cdrom,plugdev,lpadmin,sambashare youruser

Notes:

  • The sudo group used to be the admin group prior to Ubuntu 12.04. If you're on anything older, replace the group sudo with the group admin in the above commands.
  • Starting from Ubuntu 20.04, the fuse group does not exist anymore. It allowed regular users to access /dev/fuse using fusemount, i.e., to mount FUSE filesystems. But since Debian 8 /dev/fuse is already world-writeable by default.

Important Note: The default set of groups for what is considered an "Administrator" role changes over time, as some groups become obsolete or irrelevant (such as tape or floppy), are removed, renamed or re-organized, or are created in your system only when related packages are installed (sambashare, virtualbox, www_data). So in a few years adm, cdrom or lpadmin might not exist (that is, if they still do!).

Besides, some features that currently use groups for filesystem-based permissions might change to another access permission mechanism, such as udev, PAM, AppArmor, SELinux, etc.

So the only way to get an updated list of groups is... to check your current system! Create a new temporary Administrator user using the GUI, or do a fresh install in a VM, and see which groups the user is assigned to by default.

MestreLion
  • 20,726