Hi people. I'm having some trouble with some GID and UID stuff.

First of all some clarifying questions (if I state something that is erroneous, please point it out):
The command sudo is used for running commands as root, or as a different user using the -u flag. However, if you get the responce "[myUSERNAME] is not in the sudoers file. This incident will be reported." Does this mean that regardless of the -u user you specify you can not use the sudo command?

Another question is... I'm in a computer where I don't have root. I'd like to change my GID, but the responce received when attempting a

usermod -a -G NEWUID myUSERNAME

is
usermod: unable to lock password file

Does anyone know the actual reason for this error? Im supposed to find a workaround this, but it's kind of hard not knowing the inner workings of linux (only having used the system for a month or so). It's part of a computer security class, so it IS possible, but perhaps not immediately clear...

The /etc/groups is readable. But I'm not sure as to why the unable to lock password file appears.

Any clarification is appreciated!

Correct. The SUDOERS file has a list of who can do what. You can have users that can have full root privs, some root privs, or only be able to run one command as root. If you're not listed in that file, you can't do anything. This http://www.gratisoft.us/sudo/man/sudoers.html may help you further.

Since it's for a class, analyze what you're trying to do. You're trying to modify a USER, not a group. Check the permissions on /etc/passwd, to see why you're getting that message.

with sudo you onlky prove that you are *YOU* not that you know any root password etc, and then it uses the sudoers file to allowing the human you to do what extra things are configured. so without a suitable sudoers file you have no basis for security.

as for the gid, you said it yourself - you aren't root. this would be where a well configured sudo framework might be handy!

I don't completely get the modifying user and not group comment. I figure that the listed usernames and passwords are listed in the /etc/passwd file. And the allowed commands for the different users are listed in the /etc/sudoers file. Also the different user groups and the pertaining users are listed in the /etc/group file.

So... what would "modifying a user" mean? If you add the user to another group, you sort of modified the user. If you change the password of the user in the passwd file, you sort of changed the user as well... And the same goes for changing different allowed commands in the /etc/sudoers command.

The /etc/passwd file is of course only writable for the root, though I can read it. Mmm, strange, I thought the passwords where listed in this file. All entries specify "x" as the password. I assume this means the password is not specified, and listed elsewhere?

Also, on the entry of the group file listing the group I'd like to be part of, there is a password specified. This is encrypted right? And even if one knew the password, how would one be able to used to get access to the group?

Well... I figured out that the password files are kept in the shadow file. Although I still don't understand why it would depend on the passwd file if a can or can not append my user to another group. I'm not trying to change my default group, but rather to get my username appended to the group I want to have access to.

I might understand the situation better if someone could explain what the cause of the "usermod: unable to lock password file" error is. If I try to do
usermod -a -G NEWUID myUSERNAME
Would the result of this change the passwd file? Why is this the case, when what I expect is to change the /etc/groups file?
What I think would happen is that the entry in the groups file
NEWUID:!:123:otherUser1,otherUser2
changes to
NEWUID:!:123:otherUser1,otherUser2,myUSERNAME

Now... given that for instance the password was listed in this file, for instance
NEWUID:aP2flNx515Oz.:123:otherUser1,otherUser2,myUSERNAME
Does this result in a flaw in the security?
Given that I knew what this password was, what command would accept it and append my user to the NEWUID group?

Sorry for being stupid here,
Any help would be really really appreicated!

I don't know if this is of any interest for anyone else. Maybe some other newbie happens to fall here by a google search. I eventually found the function that is supposed to add users to the different groups.
$ gpasswd GROUPNAME -a USERNAME
However this only replies with:
gpasswd: Permission denied.
Which does make sense, since I'm not part of the group, and I don't have any superuser priviliges.
I'm wondering where the group password comes into play (the one that I mentioned was listed in the etc/group file). Does anyone here know? If a group has a password, how would one use that as a non-superuser to add oneself to that group?

Maybe I should consider posting this problem in the security section, although what's stopping me is really the fact that everything in the unix world is new to me, so it's kind of looking for a key while blindfolded in a dark room.

I'll simplify the question, and perhaps someone can answer it, as I haven't figured it out through man-pages or websearching:

Given that I know the password corresponding to a given user group, how do I go by using gpasswd to add my username to that group?

There's no password prompt, only Permission Denied, when using "gpasswd GROUPNAME -a USERNAME". And no flags seem to indicate a input of password. Also, as the people who helped me earlier pointed out, sudo won't help me as it only identifies myself in order to perform the allowed actions as specified in the /etc/sudoers file.

Perhaps I need to use something other than gpasswd?

Again, if anyone can give me some sort of answer I'd be very happy

Found it:
newgrp GROUPNAME

don't know if you're still using this. but i'm having the same problem as you did, but whenever i try using newgrp it always says i'm using the wrong password, but i'm directly copying and pasting it from the group file. What am i doing wrong?

You're re-opening a thread from a year ago, that's one thing you're doing wrong. Please open your own thread, for your own questions.

Also, you're not giving details, such as version/distro of Linux, or what you're doing. "copying and pasting it from the group file"?? Pasting WHAT? There are no passwords in the group file.

Read the man page on newgroup and on sudo....

This might help (though you'll have to register with IBM/DeveloperWorks to read it):

LPI exam 102 prep, Topic 111: Administrative tasks
Junior Level Administration (LPIC-1) topic 111
https://www6.software.ibm.com/develo....html#accounts

In this section, learn how to:

* Add, modify, and remove users and groups
* Suspend and change user accounts
* Manage user and group information in the password databases and group databases
* Use the correct tools to manage shadow password databases and group databases
* Create and manage limited and special-purpose accounts