LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-19-2008, 02:50 PM   #1
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Rep: Reputation: 0
Some basic stuff, sudoing etc.


Hi people. I'm having some trouble with some GID and UID stuff.

First of all some clarifying questions (if I state something that is erroneous, please point it out):
The command sudo is used for running commands as root, or as a different user using the -u flag. However, if you get the responce "[myUSERNAME] is not in the sudoers file. This incident will be reported." Does this mean that regardless of the -u user you specify you can not use the sudo command?

Another question is... I'm in a computer where I don't have root. I'd like to change my GID, but the responce received when attempting a

usermod -a -G NEWUID myUSERNAME

is
usermod: unable to lock password file

Does anyone know the actual reason for this error? Im supposed to find a workaround this, but it's kind of hard not knowing the inner workings of linux (only having used the system for a month or so). It's part of a computer security class, so it IS possible, but perhaps not immediately clear...

The /etc/groups is readable. But I'm not sure as to why the unable to lock password file appears.

Any clarification is appreciated!
 
Old 11-19-2008, 03:15 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,886

Rep: Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258
Quote:
Originally Posted by ookamiueru View Post
First of all some clarifying questions (if I state something that is erroneous, please point it out):
The command sudo is used for running commands as root, or as a different user using the -u flag. However, if you get the responce "[myUSERNAME] is not in the sudoers file. This incident will be reported." Does this mean that regardless of the -u user you specify you can not use the sudo command?
Correct. The SUDOERS file has a list of who can do what. You can have users that can have full root privs, some root privs, or only be able to run one command as root. If you're not listed in that file, you can't do anything. This http://www.gratisoft.us/sudo/man/sudoers.html may help you further.

Quote:
Another question is... I'm in a computer where I don't have root. I'd like to change my GID, but the responce received when attempting a

usermod -a -G NEWUID myUSERNAME

is
usermod: unable to lock password file

Does anyone know the actual reason for this error? Im supposed to find a workaround this, but it's kind of hard not knowing the inner workings of linux (only having used the system for a month or so). It's part of a computer security class, so it IS possible, but perhaps not immediately clear...

The /etc/groups is readable. But I'm not sure as to why the unable to lock password file appears.
Since it's for a class, analyze what you're trying to do. You're trying to modify a USER, not a group. Check the permissions on /etc/passwd, to see why you're getting that message.
 
Old 11-19-2008, 03:18 PM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
with sudo you onlky prove that you are *YOU* not that you know any root password etc, and then it uses the sudoers file to allowing the human you to do what extra things are configured. so without a suitable sudoers file you have no basis for security.

as for the gid, you said it yourself - you aren't root. this would be where a well configured sudo framework might be handy!
 
Old 11-19-2008, 03:39 PM   #4
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne View Post
Since it's for a class, analyze what you're trying to do. You're trying to modify a USER, not a group. Check the permissions on /etc/passwd, to see why you're getting that message.
I don't completely get the modifying user and not group comment. I figure that the listed usernames and passwords are listed in the /etc/passwd file. And the allowed commands for the different users are listed in the /etc/sudoers file. Also the different user groups and the pertaining users are listed in the /etc/group file.

So... what would "modifying a user" mean? If you add the user to another group, you sort of modified the user. If you change the password of the user in the passwd file, you sort of changed the user as well... And the same goes for changing different allowed commands in the /etc/sudoers command.

The /etc/passwd file is of course only writable for the root, though I can read it. Mmm, strange, I thought the passwords where listed in this file. All entries specify "x" as the password. I assume this means the password is not specified, and listed elsewhere?

Also, on the entry of the group file listing the group I'd like to be part of, there is a password specified. This is encrypted right? And even if one knew the password, how would one be able to used to get access to the group?
 
Old 11-19-2008, 07:03 PM   #5
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Well... I figured out that the password files are kept in the shadow file. Although I still don't understand why it would depend on the passwd file if a can or can not append my user to another group. I'm not trying to change my default group, but rather to get my username appended to the group I want to have access to.

I might understand the situation better if someone could explain what the cause of the "usermod: unable to lock password file" error is. If I try to do
usermod -a -G NEWUID myUSERNAME
Would the result of this change the passwd file? Why is this the case, when what I expect is to change the /etc/groups file?
What I think would happen is that the entry in the groups file
NEWUID:!:123:otherUser1,otherUser2
changes to
NEWUID:!:123:otherUser1,otherUser2,myUSERNAME

Now... given that for instance the password was listed in this file, for instance
NEWUID:aP2flNx515Oz.:123:otherUser1,otherUser2,myUSERNAME
Does this result in a flaw in the security?
Given that I knew what this password was, what command would accept it and append my user to the NEWUID group?

Sorry for being stupid here,
Any help would be really really appreicated!

Last edited by ookamiueru; 11-19-2008 at 07:04 PM. Reason: removing smiley-parsing
 
Old 11-19-2008, 09:48 PM   #6
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Original Poster
Rep: Reputation: 0
I don't know if this is of any interest for anyone else. Maybe some other newbie happens to fall here by a google search. I eventually found the function that is supposed to add users to the different groups.
$ gpasswd GROUPNAME -a USERNAME
However this only replies with:
gpasswd: Permission denied.
Which does make sense, since I'm not part of the group, and I don't have any superuser priviliges.
I'm wondering where the group password comes into play (the one that I mentioned was listed in the etc/group file). Does anyone here know? If a group has a password, how would one use that as a non-superuser to add oneself to that group?

Maybe I should consider posting this problem in the security section, although what's stopping me is really the fact that everything in the unix world is new to me, so it's kind of looking for a key while blindfolded in a dark room.
 
Old 11-19-2008, 10:39 PM   #7
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Original Poster
Rep: Reputation: 0
I'll simplify the question, and perhaps someone can answer it, as I haven't figured it out through man-pages or websearching:

Given that I know the password corresponding to a given user group, how do I go by using gpasswd to add my username to that group?

There's no password prompt, only Permission Denied, when using "gpasswd GROUPNAME -a USERNAME". And no flags seem to indicate a input of password. Also, as the people who helped me earlier pointed out, sudo won't help me as it only identifies myself in order to perform the allowed actions as specified in the /etc/sudoers file.

Perhaps I need to use something other than gpasswd?

Again, if anyone can give me some sort of answer I'd be very happy

Last edited by ookamiueru; 11-19-2008 at 10:48 PM.
 
Old 11-19-2008, 10:58 PM   #8
ookamiueru
LQ Newbie
 
Registered: Nov 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Found it:
newgrp GROUPNAME
 
Old 11-16-2009, 01:15 AM   #9
tazegos
LQ Newbie
 
Registered: Nov 2009
Posts: 1

Rep: Reputation: 0
don't know if you're still using this. but i'm having the same problem as you did, but whenever i try using newgrp it always says i'm using the wrong password, but i'm directly copying and pasting it from the group file. What am i doing wrong?
 
Old 11-16-2009, 09:16 AM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,886

Rep: Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258Reputation: 4258
Quote:
Originally Posted by tazegos View Post
don't know if you're still using this. but i'm having the same problem as you did, but whenever i try using newgrp it always says i'm using the wrong password, but i'm directly copying and pasting it from the group file. What am i doing wrong?
You're re-opening a thread from a year ago, that's one thing you're doing wrong. Please open your own thread, for your own questions.

Also, you're not giving details, such as version/distro of Linux, or what you're doing. "copying and pasting it from the group file"?? Pasting WHAT? There are no passwords in the group file.

Read the man page on newgroup and on sudo....
 
Old 11-16-2009, 10:42 AM   #11
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Rep: Reputation: 38
This might help (though you'll have to register with IBM/DeveloperWorks to read it):

LPI exam 102 prep, Topic 111: Administrative tasks
Junior Level Administration (LPIC-1) topic 111
https://www6.software.ibm.com/develo....html#accounts

In this section, learn how to:

* Add, modify, and remove users and groups
* Suspend and change user accounts
* Manage user and group information in the password databases and group databases
* Use the correct tools to manage shadow password databases and group databases
* Create and manage limited and special-purpose accounts
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
New to Debin/pPowerbook- Help Please (Basic install stuff) aquaboot Debian 2 01-08-2007 07:44 PM
Really basic stuff here gauge73 Linux - Newbie 5 02-19-2004 09:18 AM
Basic security stuff mymojo Linux - Security 9 11-26-2003 11:49 AM
Basic shell stuff drsanchez Linux - General 10 05-28-2003 12:49 PM
sudoing raven Linux - General 4 01-21-2002 08:25 AM


All times are GMT -5. The time now is 04:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration