Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
11-19-2008, 02:50 PM
|
#1
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Rep:
|
Some basic stuff, sudoing etc.
Hi people. I'm having some trouble with some GID and UID stuff.
First of all some clarifying questions (if I state something that is erroneous, please point it out):
The command sudo is used for running commands as root, or as a different user using the -u flag. However, if you get the responce "[myUSERNAME] is not in the sudoers file. This incident will be reported." Does this mean that regardless of the -u user you specify you can not use the sudo command?
Another question is... I'm in a computer where I don't have root. I'd like to change my GID, but the responce received when attempting a
usermod -a -G NEWUID myUSERNAME
is
usermod: unable to lock password file
Does anyone know the actual reason for this error? Im supposed to find a workaround this, but it's kind of hard not knowing the inner workings of linux (only having used the system for a month or so). It's part of a computer security class, so it IS possible, but perhaps not immediately clear...
The /etc/groups is readable. But I'm not sure as to why the unable to lock password file appears.
Any clarification is appreciated!
|
|
|
11-19-2008, 03:15 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,671
|
Quote:
Originally Posted by ookamiueru
First of all some clarifying questions (if I state something that is erroneous, please point it out):
The command sudo is used for running commands as root, or as a different user using the -u flag. However, if you get the responce "[myUSERNAME] is not in the sudoers file. This incident will be reported." Does this mean that regardless of the -u user you specify you can not use the sudo command?
|
Correct. The SUDOERS file has a list of who can do what. You can have users that can have full root privs, some root privs, or only be able to run one command as root. If you're not listed in that file, you can't do anything. This http://www.gratisoft.us/sudo/man/sudoers.html may help you further.
Quote:
Another question is... I'm in a computer where I don't have root. I'd like to change my GID, but the responce received when attempting a
usermod -a -G NEWUID myUSERNAME
is
usermod: unable to lock password file
Does anyone know the actual reason for this error? Im supposed to find a workaround this, but it's kind of hard not knowing the inner workings of linux (only having used the system for a month or so). It's part of a computer security class, so it IS possible, but perhaps not immediately clear...
The /etc/groups is readable. But I'm not sure as to why the unable to lock password file appears.
|
Since it's for a class, analyze what you're trying to do. You're trying to modify a USER, not a group. Check the permissions on /etc/passwd, to see why you're getting that message. 
|
|
|
11-19-2008, 03:18 PM
|
#3
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
with sudo you onlky prove that you are *YOU* not that you know any root password etc, and then it uses the sudoers file to allowing the human you to do what extra things are configured. so without a suitable sudoers file you have no basis for security.
as for the gid, you said it yourself - you aren't root. this would be where a well configured sudo framework might be handy!
|
|
|
11-19-2008, 03:39 PM
|
#4
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Original Poster
Rep:
|
Quote:
Originally Posted by TB0ne
Since it's for a class, analyze what you're trying to do. You're trying to modify a USER, not a group. Check the permissions on /etc/passwd, to see why you're getting that message. 
|
I don't completely get the modifying user and not group comment. I figure that the listed usernames and passwords are listed in the /etc/passwd file. And the allowed commands for the different users are listed in the /etc/sudoers file. Also the different user groups and the pertaining users are listed in the /etc/group file.
So... what would "modifying a user" mean? If you add the user to another group, you sort of modified the user. If you change the password of the user in the passwd file, you sort of changed the user as well... And the same goes for changing different allowed commands in the /etc/sudoers command.
The /etc/passwd file is of course only writable for the root, though I can read it. Mmm, strange, I thought the passwords where listed in this file. All entries specify "x" as the password. I assume this means the password is not specified, and listed elsewhere?
Also, on the entry of the group file listing the group I'd like to be part of, there is a password specified. This is encrypted right? And even if one knew the password, how would one be able to used to get access to the group?
|
|
|
11-19-2008, 07:03 PM
|
#5
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Original Poster
Rep:
|
Well... I figured out that the password files are kept in the shadow file. Although I still don't understand why it would depend on the passwd file if a can or can not append my user to another group. I'm not trying to change my default group, but rather to get my username appended to the group I want to have access to.
I might understand the situation better if someone could explain what the cause of the "usermod: unable to lock password file" error is. If I try to do
usermod -a -G NEWUID myUSERNAME
Would the result of this change the passwd file? Why is this the case, when what I expect is to change the /etc/groups file?
What I think would happen is that the entry in the groups file
NEWUID:!:123:otherUser1,otherUser2
changes to
NEWUID:!:123:otherUser1,otherUser2,myUSERNAME
Now... given that for instance the password was listed in this file, for instance
NEWUID:aP2flNx515Oz.:123:otherUser1,otherUser2,myUSERNAME
Does this result in a flaw in the security?
Given that I knew what this password was, what command would accept it and append my user to the NEWUID group?
Sorry for being stupid here,
Any help would be really really appreicated!
Last edited by ookamiueru; 11-19-2008 at 07:04 PM.
Reason: removing smiley-parsing
|
|
|
11-19-2008, 09:48 PM
|
#6
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Original Poster
Rep:
|
I don't know if this is of any interest for anyone else. Maybe some other newbie happens to fall here by a google search. I eventually found the function that is supposed to add users to the different groups.
$ gpasswd GROUPNAME -a USERNAME
However this only replies with:
gpasswd: Permission denied.
Which does make sense, since I'm not part of the group, and I don't have any superuser priviliges.
I'm wondering where the group password comes into play (the one that I mentioned was listed in the etc/group file). Does anyone here know? If a group has a password, how would one use that as a non-superuser to add oneself to that group?
Maybe I should consider posting this problem in the security section, although what's stopping me is really the fact that everything in the unix world is new to me, so it's kind of looking for a key while blindfolded in a dark room. 
|
|
|
11-19-2008, 10:39 PM
|
#7
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Original Poster
Rep:
|
I'll simplify the question, and perhaps someone can answer it, as I haven't figured it out through man-pages or websearching:
Given that I know the password corresponding to a given user group, how do I go by using gpasswd to add my username to that group?
There's no password prompt, only Permission Denied, when using "gpasswd GROUPNAME -a USERNAME". And no flags seem to indicate a input of password. Also, as the people who helped me earlier pointed out, sudo won't help me as it only identifies myself in order to perform the allowed actions as specified in the /etc/sudoers file.
Perhaps I need to use something other than gpasswd?
Again, if anyone can give me some sort of answer I'd be very happy 
Last edited by ookamiueru; 11-19-2008 at 10:48 PM.
|
|
|
11-19-2008, 10:58 PM
|
#8
|
LQ Newbie
Registered: Nov 2008
Posts: 8
Original Poster
Rep:
|
Found it:
newgrp GROUPNAME
|
|
|
11-16-2009, 01:15 AM
|
#9
|
LQ Newbie
Registered: Nov 2009
Posts: 1
Rep:
|
don't know if you're still using this. but i'm having the same problem as you did, but whenever i try using newgrp it always says i'm using the wrong password, but i'm directly copying and pasting it from the group file. What am i doing wrong?
|
|
|
11-16-2009, 09:16 AM
|
#10
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,671
|
Quote:
Originally Posted by tazegos
don't know if you're still using this. but i'm having the same problem as you did, but whenever i try using newgrp it always says i'm using the wrong password, but i'm directly copying and pasting it from the group file. What am i doing wrong?
|
You're re-opening a thread from a year ago, that's one thing you're doing wrong. Please open your own thread, for your own questions.
Also, you're not giving details, such as version/distro of Linux, or what you're doing. "copying and pasting it from the group file"?? Pasting WHAT? There are no passwords in the group file.
Read the man page on newgroup and on sudo....
|
|
|
11-16-2009, 10:42 AM
|
#11
|
Member
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164
Rep:
|
This might help (though you'll have to register with IBM/DeveloperWorks to read it):
LPI exam 102 prep, Topic 111: Administrative tasks
Junior Level Administration (LPIC-1) topic 111
https://www6.software.ibm.com/develo....html#accounts
In this section, learn how to:
* Add, modify, and remove users and groups
* Suspend and change user accounts
* Manage user and group information in the password databases and group databases
* Use the correct tools to manage shadow password databases and group databases
* Create and manage limited and special-purpose accounts
|
|
|
All times are GMT -5. The time now is 02:51 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|