Don’t forget a little dash a.
Typos are too easy. I have to laugh about this one though…
I needed to quickly add a user to a server I administer and make sure they could read/write within the web server’s document root without giving them sudo rights. 
Simple; create the user newuser and add a new group webadmin real quick to allow that group write permissions in the directory. Put the new user into the webadmin group and Bob’s your uncle. Simple.
Why not add myself to that group too, so that I don’t have to sudo to modify the directory either? We had locked the files in there to remove write permissions earlier, but if I’m setting up group permissions, I might as well take advantage of that as well. Probably should have done that a long time ago… Let me just add myself to the group:
sudo usermod -G webadmin myusername
Done and done.
Did you catch the error? (I didn’t until it was too late.) The correct command was:
sudo usermod -aG webadmin myusername
Yep. I just replaced all my groups (including sudo) with just one: webadmin. Sure, I can write in the document root now, but I’m not really the admin anymore. And I’m working remotely, so there is nothing I can do on this machine to fix that without going on site.1 🤦♂️
Sometimes it’s the easy things that get you.
-a
-
I should mention that there is no firmware-level remote management on this particular machine, so I couldn’t just use that. ↩︎