1. Basic approach
I found a very useful package for such an operation. It is named base-passwd and has the following description:
$ apt-cache show base-passwd
Package: base-passwd
...
Description-en: Debian base system master password and group files
These are the canonical master copies of the user database files
(/etc/passwd and /etc/group), containing the Debian-allocated user and
group IDs. The update-passwd tool is provided to keep the system databases
synchronized with these master files.
Master files (in the aforementioned terminology) are placed in:
/usr/share/base-passwd/group.master
/usr/share/base-passwd/passwd.master
The package contains only one binary, /usr/sbin/update-passwd.
Its purpose is described in the man page (man update-passwd):
DESCRIPTION
update-passwd handles updates of /etc/passwd, /etc/shadow and /etc/group on running Debian systems. It compares the current files to master copies, distributed in the base-passwd package, and updates all entries in the global system range (that is, 0–99).
For the problem from the question we need to run:
sudo update-passwd --sanity-check --verbose
Also you can try to run the simulation (dry-run):
$ sudo update-passwd --sanity-check --verbose --dry-run
Reading passwd from /usr/share/base-passwd/passwd.master
Reading group from /usr/share/base-passwd/group.master
Reading passwd from /etc/passwd
Reading shadow from /etc/shadow
Reading group from /etc/group
Running without arguments will safely update /etc/passwd, /etc/shadow and /etc/group or quit quietly:
$ sudo update-passwd
$ sudo update-passwd --verbose
No changes needed
The utility covers 39 standard groups - adm, audio, backup, bin, cdrom, daemon, dialout, dip, disk, fax, floppy, games, gnats, irc, kmem, list, lp, mail, man, news, nogroup, operator, plugdev, proxy, root, sasl, shadow, src, staff, sudo, sys, tape, tty, users, utmp, uucp, video, voice, www-data.
One can read local documentation about standard groups in /usr/share/doc/base-passwd/users-and-groups.html (or online).
2. Deeper approach
Warning: do not continue if you are unsure what you are doing or if you are a newbie.
Start with
sudo update-passwd --verbose
and then, if you have installed other software from repositories and then trashed your /etc/passwd and/or /etc/group, you can try to reinstall all such packages with the command based on @muru's suggestion:
# Reinstall every package whose maintainer scripts (*inst) call user or group management tools
sudo apt-get install --reinstall \
$(grep -RlE '(getent|useradd|adduser|groupadd|addgroup|chgrp|chmod|gpasswd|usermod)' \
/var/lib/dpkg/info --include='*inst' | sed -r 's:.*/(.*)\.[-a-z]+inst:\1:')
2.1. Broken /etc/group
If you have removed entries from /etc/group you will face error messages such as
dpkg: unrecoverable fatal error, aborting:
unknown group 'crontab' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)
You need to remove the corresponding lines from /var/lib/dpkg/statoverride and /etc/passwd, then try again with the command above.
Another possible error message is
E: Internal Error, No file name for dbus:amd64
You can fix it by downloading the package manually:
apt-get download dbus
sudo dpkg -i dbus*.deb
and then try again with the command above.
If you have removed systemd-related groups systemd-journal, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy from /etc/group then remove them from /etc/passwd and reinstall the systemd package with
sudo apt-get install --reinstall systemd
then try again with the command above.
2.2. Broken /etc/passwd
If you have removed entries from /etc/passwd you will face error messages such as
dpkg: unrecoverable fatal error, aborting:
unknown user 'hplip' in statoverride file
You need to remove the corresponding line from /var/lib/dpkg/statoverride and then try again with the command above.
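A read-only way to find the statoverride lines that sections 2.1 and 2.2 say to remove, given here as an added example that is not part of the original answer. The function name is hypothetical, the sample files are constructed, and the script assumes the "owner group mode path" line layout, with "#<number>" denoting a numeric ID that needs no name lookup.

```shell
#!/bin/sh
# Added example (not from the answer): read-only check that lists the
# statoverride lines naming a user or group absent from passwd/group.
# Assumed line format: "<owner> <group> <mode> <path>"; an owner or group
# written as "#<number>" is a numeric ID and is not looked up by name.

find_stale_statoverrides() {
    # Hypothetical helper; arguments default to the paths named in the answer.
    statoverride=${1:-/var/lib/dpkg/statoverride}
    passwd=${2:-/etc/passwd}
    group=${3:-/etc/group}
    awk -v pw="$passwd" -v gr="$group" '
        BEGIN {
            # Collect the names defined in the passwd and group files.
            while ((getline line < pw) > 0) { split(line, f, ":"); users[f[1]] = 1 }
            while ((getline line < gr) > 0) { split(line, f, ":"); groups[f[1]] = 1 }
        }
        NF < 4 { next }    # skip blank or malformed lines
        {
            why = ""
            if (substr($1, 1, 1) != "#" && !($1 in users))
                why = "unknown user " $1
            if (substr($2, 1, 1) != "#" && !($2 in groups))
                why = why (why == "" ? "" : ", ") "unknown group " $2
            if (why != "")
                printf "%d: %s: %s\n", NR, why, $0
        }
    ' "$statoverride"
}

# Demonstration on constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/passwd"
printf 'root:x:0:\nmail:x:8:\n' > "$demo/group"
cat > "$demo/statoverride" <<'EOF'
root crontab 2755 /usr/bin/crontab
root mail 2755 /usr/bin/dotlockfile
hplip root 755 /var/run/hplip
root #8 2755 /usr/local/bin/example
EOF
find_stale_statoverrides "$demo/statoverride" "$demo/passwd" "$demo/group"
rm -rf "$demo"
```

Each output line gives the line number in the statoverride file, the missing name, and the offending line, so the entries can be reviewed before anything is edited.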
Best Answer
In your example you:
user1 as a part of the group user2.
user2 as a part of the group admin.
The user user1 is distinct from the group user1.
Since (the user) user2 is a member of the admin group, and (the user) user1 is a member of (the group) user2 - is user1 effectively an admin?
user2 is a member of the admin group. Not the group user1.
If the admin group is in the sudoers file, can (the user) user2 use it as well?
If the admin group is in the sudoers file, can user1 use it as well?
user2 in it. Even though the user user1 is part of the group user2. They are different things, but share the same name in this and many distros' setup. Groups on one side, users on the other. If the names match, they are still entirely different things.
To sum it up: Separate the user from the group. The names may be the same, but they refer to different entities. In GNU/Linux you do not have groups inside groups, a group can only contain users (which is different from say Windows).