56

Assume I'm logged in with user takpar:

takpar@skyspace:/$

As root, I've added takpar as a member of group webdev using:

# usermod -a -G webdev takpar

But it seems it has not been applied, because for example I can't get into a webdev's directory that has read permission for group:

400169 drwxr-x--- 3 webdev webdev 4.0K 2011-08-15 22:34 public_html

takpar@skyspace:/home/webdev/$ cd public_html/
bash: cd: public_html/: Permission denied

But after a reboot I have access as I expect. As this kind of group changing is in my routine, is there any way to apply changes without needing a reboot?

Answer It seems there is no way to make the current session know the new group, for example the file manager won't work with new changes. But a re-login will do the job. The su command is also appropriate for temp commands in urrent session.

slm
  • 363,520
  • 117
  • 767
  • 871
Alexar
  • 697
  • 1
  • 6
  • 9
  • 7
    You don't need to reboot, only to login again so that the permissions changes become global. – Stéphane Gimenez Aug 15 '11 at 19:03
  • There is no way to change any _process_ (in particular, login session's) identity while it is running (UID, GID, supplemental groups). Need to start a new session (i.e., log in again). – vonbrand Jan 19 '13 at 23:47
  • 2
    what if the created user is a system user? – Jürgen Paul Apr 27 '14 at 10:55
  • See also: [SuperUser: Reload a Linux user's group assignments without logging out](https://superuser.com/questions/272061/reload-a-linux-users-group-assignments-without-logging-out) – Gabriel Staples Aug 11 '21 at 18:49

3 Answers3

78

Local solution: use su yourself to login again. In the new session you'll be considered as a member of the group.

Man pages for newgrp and sg might also be of interest to change your current group id (and login into a new group):

  • To use webdev's group id (and privileges) in your current shell use:

     newgrp webdev

  • To start a command with some group id (and keep current privileges in your shell) use:

     sg webdev -c "command"

    (sg is like su but for groups, and it should work without the group password if you are listed as a member of the group in the system's data)

Stéphane Gimenez
  • 28,527
  • 3
  • 76
  • 87
  • It asks for a password, and do not accept neither my password neither webdev's one. – Alexar Aug 15 '11 at 19:01
  • 3
    @takpar: I've just checked, and in fact it seems it should work without the (group) password when you are listed as a member of the group in `/etc/group` and `/etc/gshadow`. Are your two files consistent? (check it with `grpck -r`). – Stéphane Gimenez Aug 15 '11 at 20:59
  • it can work. sg group_name -c "bash" – madjardi Apr 09 '16 at 02:11
  • I am installing docker using ansible and I am maintaining a socket file in my local machine for 120s, how can I achieve the same with ansible? – Manjit Kumar Nov 21 '16 at 06:35
  • @StéphaneGimenez - what do you mean by *and login into a new group*? – Shuzheng Jan 11 '21 at 09:41
6

Rebooting system is an overkill, even logout & login is not necessary if you use gpasswd.

You can add takpar to webdev group using:

$ gpasswd -a takpar webdev

You can check group membership using getent group {name} command:

$ getent group webdev
webdev:x:1008:webdev,takpar

which should be the same as cat /etc/group | grep webdev. For completeness here's id output from from takpar shell session:

$ id takpar
uid=1007(takpar) gid=1007(takpar) groups=1007(takpar),1008(webdev)
Tombart
  • 2,630
  • 5
  • 26
  • 39
  • This solution enables me to continue executing commands after adding user to the group. W/ newgrp command this is not possible e.g. in a bash script every command after newgrp will not be executed. However, it still requires a reboot to take realy effect. For Docker rootless access w/o rebooting does not work. – vpap May 17 '21 at 17:34
  • 1
    This does not work. Running `groups` after running `gpasswd` will __not__ show the newly added group. – wheeler Dec 03 '22 at 01:51
1
id webdev

seems to be wrong here - you want to know about your own id, takpar, not webdev.

If you compare the outputs of id and id takpar, you will notice that the former doesn't show the change yet, while the latter shows it. Why? This is because id shows the groups of the current process. If you log out and back in, or even only open a new terminal window, you should already see the change without reboot.

glglgl
  • 1,200
  • 9
  • 12
  • Thanks. It was my mistake. I've updated that in the question. as you see, the changes can be seen in terminal but it is not applied actually. – Alexar Aug 15 '11 at 19:00
  • 1
    Are you sure that opening a new terminal window the user will see the changes? – enzotib Aug 15 '11 at 19:02
  • You are right, that doesn't work - probably because the new shell process inherits its groups from its parents. But if you do a complete logout and login again, it should work. If you don't want that, a mere ``ssh localhost` will do for the meantime. Or just `sg`, as Stéphane suggested. – glglgl Aug 15 '11 at 19:05