Is a reboot required to refresh permissions after adding a user to a new group?
Solution 1
I was looking for a solution, came across this post, and then later found one!
I'd thought I'd actually offer a solution so others can benefit. Logging in and out is so 1995.
Taken from:
https://arkaitzj.wordpress.com/2010/03/08/linux-add-user-to-a-group-without-logout/
So if you needed to get permissions for the cdrom
group you just added your user to:
newgrp cdrom
for example
So the steps would be:
#adduser my_user cdrom
and then
$newgrp cdrom
I've confirmed that it works.
A simple $groups
check from the CLI shows the user is in the group. And a quick execution with needed privileges from that group works.
No need to kill your windows and login and logout! Hope that helps others!
Additional Information (based on jytou's helpful comment): "[This] solution will work only for the current opened shell. If you have another shell open, you'll need to use the same command to take the changes into account."
Solution 2
When adding a user to a new group, the user must log out and log back in for it to take affect. While a reboot will accomplish that, it should not be required.
Solution 3
Adding a user to a group does not effect currently logged in users.
In the case of a daemon, you need to restart it for new groups to be applied.
Furthermore, restarting the daemon using an option in the daemon itself will not work as that will inherit the current environment.
The easiest way to get it to work is to fully stop the daemon and start it again, as in..
/etc/init.d/foo stop ; /etc/init.d/foo start
Solution 4
that is much more easiere, you can check your current access level by typing:
id
to reload your groups you just need:
su - $USER
after that check access level again:
id
and you will see new group is now active.
Solution 5
There's a different failure mode which should also be addressed here.
If the admin updated /etc/group
but failed to update /etc/gshadow
(on systems which have this setup), logging out and back in will not actually assign you to the new group.
Confusingly, groups
will show you the real, current situation, whereas id
will incorrectly print output which indicates that you are properly a member of the group.
tripleee@vbvntv$ groups
tripleee
tripleee@vbvntv$ id
uid=1234(tripleee) gid=1234(tripleee) groups=1234(tripleee),4(adm)
tripleee@vbvntv$ ls -l /var/log/mail.log
-rw-r----- 1 root adm 15728 May 26 14:26 /var/log/mail.log
tripleee@vbvntv$ tail /var/log/mail.log
tail: cannot open `/var/log/mail.log' for reading: Permission denied
I can't use newgrp
because it asks for a password, and I don't have a password, only SSH public key authentication.
The solution would be for the admin to revert the manual edit of /etc/groups
and then do it again with sudo gpasswd -a tripleee adm
; or alternatively, to use grpconv
to merge the changes (which I picked up from https://serverfault.com/a/389719/98333)
Related videos on Youtube
Jayesh Elamgodil
Updated on September 17, 2022Comments
-
Jayesh Elamgodil over 1 year
On ubuntu server, I've noticed more than once now that after adding a user to a group that user doesn't have group permissions until I reboot the system. For example:
User 'hudson' needs permission to read directory 'root:shadow /etc/shadow' So I add hudson to the shadow group. hudson still cannot read. So, I 'sudo shutdown -h -r now' and when the system comes up again user hudson can read.
Is a reboot required or is there a better way to get permissions applied after adding the user to the group?
-
TryTryAgain about 12 yearsfor future reference, I've added an actual solution below. I was amazed this was a problem. Hope that helps.
-
-
Jayesh Elamgodil over 14 yearsHow do I logout a user that was created by aptitude when installing a package?
-
womble over 14 yearsWhat package creates the
hudson
user? -
Scott Pack over 14 yearsAs Justin answered, try stopping and starting the service.
-
Trent Scott over 12 yearsThis is what I do. Simply log out and log back in.
-
TryTryAgain about 12 yearsYou actually do not need to log out and back in, thankfully. I offered a working solution below. Tested, and HAPPY!
-
jytou over 11 yearsNote that TryTryAgain's solution will work only for the current opened shell. If you have another shell open, you'll need to use the same command to take the changes into account.
-
artfulrobot almost 11 yearsAnyway to do that for the running X sesssion?
-
tripleee almost 9 yearsActually, turns out that the real problem was that I was reusing an SSH master session. Disconnecting that by removing the ControlPath socket and logging in again resolved the problem.
-
Frank Nocke about 3 yearsWhat will
foo
most likely be? (on a Ubunutu 20.04, plenty of executable files in/etc/init.d/
)