Is a reboot required to refresh permissions after adding a user to a new group?

permissions ubuntu users groups

43,133

Solution 1

I was looking for a solution, came across this post, and then later found one!

I'd thought I'd actually offer a solution so others can benefit. Logging in and out is so 1995.

Taken from:

https://arkaitzj.wordpress.com/2010/03/08/linux-add-user-to-a-group-without-logout/

So if you needed to get permissions for the cdrom group you just added your user to:

newgrp cdrom

for example

So the steps would be:

#adduser my_user cdrom

and then

$newgrp cdrom

I've confirmed that it works.

A simple $groups check from the CLI shows the user is in the group. And a quick execution with needed privileges from that group works.

No need to kill your windows and login and logout! Hope that helps others!

Additional Information (based on jytou's helpful comment): "[This] solution will work only for the current opened shell. If you have another shell open, you'll need to use the same command to take the changes into account."

Solution 2

When adding a user to a new group, the user must log out and log back in for it to take affect. While a reboot will accomplish that, it should not be required.

Solution 3

Adding a user to a group does not effect currently logged in users.

In the case of a daemon, you need to restart it for new groups to be applied.

Furthermore, restarting the daemon using an option in the daemon itself will not work as that will inherit the current environment.

The easiest way to get it to work is to fully stop the daemon and start it again, as in..

/etc/init.d/foo stop ; /etc/init.d/foo start

Solution 4

that is much more easiere, you can check your current access level by typing:

id

to reload your groups you just need:

su - $USER

after that check access level again:

id

and you will see new group is now active.

Solution 5

There's a different failure mode which should also be addressed here.

If the admin updated /etc/group but failed to update /etc/gshadow (on systems which have this setup), logging out and back in will not actually assign you to the new group.

Confusingly, groups will show you the real, current situation, whereas id will incorrectly print output which indicates that you are properly a member of the group.

tripleee@vbvntv$ groups
tripleee

tripleee@vbvntv$ id
uid=1234(tripleee) gid=1234(tripleee) groups=1234(tripleee),4(adm)

tripleee@vbvntv$ ls -l /var/log/mail.log
-rw-r----- 1 root adm 15728 May 26 14:26 /var/log/mail.log

tripleee@vbvntv$ tail /var/log/mail.log
tail: cannot open `/var/log/mail.log' for reading: Permission denied

I can't use newgrp because it asks for a password, and I don't have a password, only SSH public key authentication.

The solution would be for the admin to revert the manual edit of /etc/groups and then do it again with sudo gpasswd -a tripleee adm; or alternatively, to use grpconv to merge the changes (which I picked up from https://serverfault.com/a/389719/98333)

View more solutions

43,133

Jayesh Elamgodil

Updated on September 17, 2022

Comments

Jayesh Elamgodil over 1 year

On ubuntu server, I've noticed more than once now that after adding a user to a group that user doesn't have group permissions until I reboot the system. For example:

User 'hudson' needs permission to read directory 'root:shadow /etc/shadow' So I add hudson to the shadow group. hudson still cannot read. So, I 'sudo shutdown -h -r now' and when the system comes up again user hudson can read.

Is a reboot required or is there a better way to get permissions applied after adding the user to the group?
- TryTryAgain about 12 years
  
  for future reference, I've added an actual solution below. I was amazed this was a problem. Hope that helps.
Jayesh Elamgodil over 14 years

How do I logout a user that was created by aptitude when installing a package?
womble over 14 years

What package creates the hudson user?
Scott Pack over 14 years

As Justin answered, try stopping and starting the service.
Trent Scott over 12 years

This is what I do. Simply log out and log back in.
TryTryAgain about 12 years

You actually do not need to log out and back in, thankfully. I offered a working solution below. Tested, and HAPPY!
jytou over 11 years

Note that TryTryAgain's solution will work only for the current opened shell. If you have another shell open, you'll need to use the same command to take the changes into account.
artfulrobot almost 11 years

Anyway to do that for the running X sesssion?
tripleee almost 9 years

Actually, turns out that the real problem was that I was reusing an SSH master session. Disconnecting that by removing the ControlPath socket and logging in again resolved the problem.
Frank Nocke about 3 years

What will foo most likely be? (on a Ubunutu 20.04, plenty of executable files in /etc/init.d/)