Remove user from root group
Somehow I managed to add user Tom to root group in Ubuntu, in order to avoid using sudo everytime (bad decision). Now I want to remove it and I can't.
I've tried using
usermod -G {groups} Tom
My /etc/sudoers file is the following:
Defaults env_reset
root ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
%admin ALL=(ALL) ALL
Specifing all groups but root and no changes are made. Any idea? Thanks
Edit: this answer has been heavily edited since the original version. The original was spread over a couple of updates, so this hopefully represents those collected into a logical summary)
short version: Looking at the output you provided, I don't think you have put Tom in the root group, I think you have changed the root users primary group to Tom.
Long Version:
The output that you provided was actually the user and group information for the root user, rather than the Tom user, however it is very useful as it exposes a problem for your system;
# id
uid=0(root) gid=1001(Tom)
grupos=0(root),1001(Tom),1002(subversion),117(nagios),1004(reweb)
This output indicates that there is a problem here which is that you have changed the root users primary group to Tom which is likely not what you had in mind uid=0(root) gid=1001(Tom); <--- this is bad. and is probably what is causing problems.
The consequence of this is that there might be loads of files around owned by group Tom like so, and these would appear in places like /var/log
rw------- 1 root Tom 332203 Feb 24 21:17 messages
This is because root creates many files for services running as root, and will create new files with the root user primary group which is now Tom. You can fix the root primary group problem with the following command;
# usermod -g root root
However this primary group problem might have had some odd effects such as leaving files everywhere in surprising places with group Tom because any files created by root will have Tom group permission.
Fixing permissions on files created with the Tom group is pretty easy if you can find them
Because of the root primary group problem mentioned above, you should fix these permissions by constructing a find / -group Tom type command to see where those files exist.
# find / -group Tom
/var/somepath/somefile.txtx
/var/somepath/somefile.txtx2
and fix those files up with something like;
chown :root /var/somepath/somefile.txtx2
if you don't care about resetting the Tom user files to root when they are outside the /home/Tom directory then you can just blast all the messed up group permissions back to root like so;
find / \( -type d -regex "/home/Tom" -prune \) -o -group Tom -print -exec chown :root {} \;
but I would look that command up before running it, in case it blatts your system....
Given what you have said, the following commands should fix both root and Tom to defaults with regards to primary groups;
make sure root has primary group root;
#usermod -g root root
make sure Tom has primary group Tom
# usermod -g Tom Tom
make sure Tom is not in the root group
# gpasswd -d Tom root
Removing user Tom from group root
make sure root is not in the Tom group
# gpasswd -d root Tom
gpasswd: unknown member root
If you wanted to prevent "Tom" from getting any admin rights, you could further check that "Tom" is not in the sudo or admin groups;
# gpasswd -d Tom sudo
# gpasswd -d Tom admin
You should prefer to use the vigr command to edit /etc/group. It will launch your editor on a copy of the file; when your editor exits it will do a syntax check and only replace /etc/group if the new file checks out.
There's a corresponding vipw command for editing /etc/passwd too.
Try removing him manually by editing /etc/group
There's a comma separated list of users in each group.
Not sure this follows best-practice, but it works.