Privilege & Shell Management

Modify the user's primary group membership and default login shell for specific administrative requirements.

1. Modify Primary Group

Add the user to the root group to grant standard administrative group permissions:

change group:

sudo usermod -g root pandu-hakam

2. Update Default Shell

Change the user's default interactive shell to /bin/sh:

set shell:

sudo usermod -s /bin/sh pandu-hakam

3. Verification

Verify the changes using the id and grep commands:

check user info:

id pandu-hakam

output:

uid=1005(pandu-hakam) gid=0(root) groups=0(root)

check shell:

grep pandu-hakam /etc/passwd

output:

pandu-hakam:x:1005:0::/home/pandu-hakam:/bin/sh

4. Troubleshooting: SSH Permission Issues

When a user's primary group is set to root (GID 0), SSH may encounter "Bad owner or permissions" errors for configuration files. This happens because the files may inherit group-write permissions that SSH deems insecure.

Symptom

ssh client-mon-1
# Bad owner or permissions on /home/pandu-hakam/.ssh/config

Analysis

Check the file permissions:

ls -lah ~/.ssh/config
# -rw-rw-r-- 1 pandu-hakam root 359 May 16 10:33 /home/pandu-hakam/.ssh/config

The rw-rw-r-- (664) permission allows the root group to write to the file. SSH requires that only the owner has write access.

Solution

Restrict the permissions to the owner only (600):

chmod 600 ~/.ssh/config

1. Modify Primary Group​

2. Update Default Shell​

3. Verification​

4. Troubleshooting: SSH Permission Issues​

Symptom​

Analysis​

Solution​