Home / Tips & tricks / Recover user admin in Ubuntu

Recover user admin in Ubuntu

Recently there has been a question through contact-form about how to recover an admin user. Specifically, it was when you opened the application “System Configuration> User Accounts” and changed the type of account to “Standard”.

I am preparing to create this updated guide, since there have been changes in the recent versions of Ubuntu regarding the group “admin” and in addition there are other causes that can cause the elevation of privileges to perform administrative tasks.

Recommended Reading

Basically the elevation of privileges to administer the system with our user is broken when one or more of the following situations happen:

  • Case 1: The user has been accidentally removed from the “admin” group (administrator) and added to the Standard Group (without privileges)
  • Case 2: The file ” / etc / sudoers ” has been modified to not allow scaling privileges to the users of the administrator group
  • Case 3: The permissions of the file ” / etc / sudoers ” have been changed to something other than “0440”

If this happens, we will notice that something fails, when executing any commands with “sudo”:

Login to the system as root:

To solve this problem you have to login as root, unless we have another administrator account. To do this, we start the system in Recovery Mode, which depending on the cases will be:

  • If we only have Ubuntu on the Hard Disk:
    The Grub does not appear and we must press the “Shift” key (to capitalize) during the boot (you have to be fast).
  • If we have a dual boot with Win2 or another GNU / Linux:
    No problems, always appears the Grub.

Once we have the Grub on the screen, select the option “Recovery Mode”:

modorecovery

Note : Ubuntu 13.04 brings Grub 1.99 and the recovery mode option is within “Other Options” (below normal boot).

We will open a series of options, we move to “root” and press “Enter”:

modorecoveryroot

Then we will see below a line of orders where to execute commands.

The root account is the total system administrator and can do anything (including deletion), so please be careful with the commands that are written here.

In the latest versions of Ubuntu, the file system is mounted as read-only, so we need to reassemble it as read and write, so you can make changes to the file system. To do this we execute the following command:

Mount -o remount, rw /

Solution to problems:

Now we are going to repair the problem in question, which will depend on the reasons why we have lost the elevation of privileges and the version of Ubuntu.

Note : Change the commands you execute, the word “user” by the name of your user. Keep an eye on this!!

Case 1: The user has been accidentally removed from the “admin” group (administrator) and added to the Standard Group (without privileges):

Here it depends on the version of Ubuntu that we have since until Ubuntu 11.10, the access as administrator using the sudo tool was granted to the group “admin”. As of Ubuntu 12.04, access as administrator is granted through the “sudo” group. This makes Ubuntu more consistent with upstream and Debian implementation. For compatibility reasons, in Ubuntu 12.04, the “admin” group will continue to provide access to “sudo”.

  • For Ubuntu 12.04 and later:

When the “admin” group was eliminated, in theory and according to the help of ubuntu.com, it would suffice to add it only to the “sudo” group:

Adduser user sudo

But after several tests, I realized that I lacked privileges, so I executed the following command with my user “kaox” (with which I installed Ubuntu), unmodified, to see what groups it is in:

Cat / var / log / installer / syslog | Grep "user-setup: Adding user kaox to group" | Cut -d '' -f11
Adm
CD ROM
Dip
Lpadmin
Plugdev
Sambashare
Sudo

I added my user “tests” to all those groups and I got all the privileges.

So if you have any problems or you lack privileges, like me, you have to add these groups to the “user” (separating groups with commas and without leaving spaces between them):

Usermod -G adm, cdrom, dip, lpadmin, plugdev, sambashare, sudo user

Ojo: This command will add the user to these groups and take it out of different ones in which it was, for example the group “vboxusers” for those using Virtualbox. So if this is so, we must add the option “-a” to the command to keep the user in those groups (man usermod):

Usermod -a -G adm, cdrom, dip, lpadmin, plugdev, sambashare, sudo user

And we restart with:

Reboot
  • For Ubuntu 11.10 and earlier: You must add the user to the group “admin” with:
Adduser user admin

And we restart with:

Reboot

Case 2: The file ” / etc / sudoers ” has been modified to not allow scaling privileges to the users of the administrator group

First, make a copy of the file with:

Cp / etc / sudoers /etc/sudoers.backup

Edit the file with:

Nano / etc / sudoers

Note: The correct command is actually “visudo”, which checks the syntax before saving the file, but in some earlier versions of Ubuntu, the vi editor may be confusing for new users, so I use nano, which is more simple.

And make sure the content of the file is like this:

#
# This file MUST be edited with the ‘visudo’ command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path = “/ usr / local / sbin: / usr / local / bin: / usr / sbin: / usr / bin: / sbin: / bin”

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL = (ALL: ALL) ALL

# Members of the admin group may gain privileges
% admin ALL = (ALL) ALL

# Allow members of group sudo to execute any command
%

Then make the save and exit changes by pressing “Ctrl + X” and Enter.

And we restart with:

Reboot

Case 3: The permissions of the file ” / etc / sudoers ” have been changed to something other than “0440”

If we get an error like: ” sudo is mode _____, should be 0440 “, is that the permissions of the file have been changed.

To restore them to “0440” we execute:

Chmod 0440 / etc / sudoers

And we restart with:

Reboot

Once you have fixed the problem in question, start with your user and verify that you have administrative permissions.

If this does not work for you or you do not do well in the terminal, you can try activating the root account and enter a graphical session to manage users:

In Ubuntu the root account is disabled and you will have to a) activate it, b) enter a graphical session of root to c) change the permissions to your user or create a new one as administrator.

A) Activate the root account:

Start the system in recovery> root mode and you will be shown below a line waiting for orders. Run the following command to activate the account of the root and to put a different password to that of your user and do not forget to point it somewhere:

Passwd root

Writes the UNIX password: YYYYYYYYY
rewrites the UNIX password: YYYYYYYYY

Do not restart, we have to continue here to continue with b)

b) Enter a graphical session of root:

To enter the root session in Ubuntu we must select in the screen of login (Lightdm) the option “other Users “and then select” root “, but in the latest versions of Ubuntu has been removed and to appear again you have to do the following:

Make a backup of the file that we are going to play:

Cp -p /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.orig

Edit “/etc/lightdm/lightdm.conf”:

Nano /etc/lightdm/lightdm.conf

The following code will appear:

[SeatDefaults] user-session = ubuntu
greeter-session = unity-greeter

Scroll with the “down arrow” and “right arrow” keys behind the last line of the code that appears, press Enter to write below and add the following line:

Greeter-show-manual-login = true

It should look like this:

[SeatDefaults] user-session = ubuntu
greeter-session = unity-greeter
greeter-show-manual-login = true

Save the file by pressing the key combination Ctrlo( ” or ” of or viedo, not a zero) and close the file by pressing the key combination Ctrlx.

Reboot with:

Reboot

And you should see the option “Login” and be able to boot with the root.

C) change the permissions to your user or create a new one: 

Change the permissions : Open “System Settings> User Accounts”, select your user on the left and right click on the “Account Type” drop-down box and select “Administrator ”

Restart, enter with the admin user and check that you have permissions for everything . If all goes well and “if you want”,

Sudo passwd -l root

You can also undo what was done to start the graphic session as root and return to normal. To do this restore the file backup with:

Sudo cp -p /etc/lightdm/lightdm.conf.orig /etc/lightdm/lightdm.conf

About admin

Check Also

whatsapp message sending error Fixed

whatsapp message sending error Fixed – کیا آپ بھی واٹس ایپ پر پیغامات بھیجنے اور موصول …

Leave a Reply

Your email address will not be published. Required fields are marked *