【问题】
已安装一个Ubuntu虚拟机。
在其中想要折腾开发方面的事情。
需要去到opt下建立文件夹,结果竟然说没权限:
1 2 3 4 5 6 7 8 9 | crifan@ubuntu:~/develop$ pwd/home/crifan/developcrifan@ubuntu:~/develop$ cd /opt/crifan@ubuntu:/opt$ lscrifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: Permission deniedcrifan@ubuntu:/opt$ userscrifan crifancrifan@ubuntu:/opt$ |
所以,现在希望:
每次,使用当前的普通用户,登陆后,即可具有超级用户sudo的权限。
不希望再每次输入sudo,直接用。
即把当前用户,提升权限,变成超级用户。
【折腾过程】
1.网上搜了一堆,都是开启Ubuntu的root用户的,对我此处没啥意义。
2.参考:
regular user to admin user in linux?
中提到了:sudoers
去看了看,感觉不适合我。
其只是,将用户变成对于某些东西有sudo 的权限,但是用起来,还是需要输入sudo的,还是很麻烦。
3.继续参考上面的解释,说是可以把当前用户加到wheel or admin group。
不太懂wheel是啥。以及如何添加。
关于为何管理员组,被叫做wheel,这里有解释:
More trivia: origin of the wheel group
4.然后去想办法,把当前用户加到管理员组里面。
搜:
ubuntu Add user to the wheel group
找到
Configuring sudo and adding users to Wheel group
然后去修改
/etc/sudoers
但是:
一是没有%wheel
二是要加的:
# usermod -G10 user1
也看起来不对:#明显是注释掉了此行而已
所以,放弃此人的教程。
5.搜:
ubuntu Add user to the root group
参考:
Ubuntu Linux: Add a User To Group
去看看这些相关的命令:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | crifan@ubuntu:/opt$ su -Password: su: Authentication failurecrifan@ubuntu:/opt$ sudo -sroot@ubuntu:/opt# usermode --helpNo command 'usermode' found, did you mean: Command 'usermod' from package 'passwd' (main)usermode: command not foundroot@ubuntu:/opt# usermod --helpUsage: usermod [options] LOGINOptions: -c, --comment COMMENT new value of the GECOS field -d, --home HOME_DIR new home directory for the user account -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE -f, --inactive INACTIVE set password inactive after expiration to INACTIVE -g, --gid GROUP force use GROUP as new primary group -G, --groups GROUPS new list of supplementary GROUPS -a, --append append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups -h, --help display this help message and exit -l, --login NEW_LOGIN new value of the login name -L, --lock lock the user account -m, --move-home move contents of the home directory to the new location (use only with -d) -o, --non-unique allow using duplicate (non-unique) UID -p, --password PASSWORD use encrypted password for the new password -R, --root CHROOT_DIR directory to chroot into -s, --shell SHELL new login shell for the user account -u, --uid UID new UID for the user account -U, --unlock unlock the user account -Z, --selinux-user SEUSER new SELinux user mapping for the user accountroot@ubuntu:/opt# |
6.但是仍旧不知道当前,存在哪些group。
参考:
Can I add myself to group `root’?
貌似默认的是root这个group。
7.所以,可以去试试:
1 | root@ubuntu:/opt# usermod -a -G root crifan |
8.然后再退出当前root用户:
1 2 | root@ubuntu:/opt# exitexit |
去使用crifan,看看能否创建文件夹,结果还是不行:
1 2 | crifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: Permission denied |
9.然后logout注销:
重新用crifan登陆,再试试,结果还是不行。
10.算了,还是进入系统管理工具里面, 试试如何把当前的用户,添加到root组里面。
结果发现,当前用户,已经是administrator了:
而且貌似无法更改属于哪个组。
11.看来还是需要想别的办法。
参考:
How do I create an admin user on Ubuntu?
去试试:
1 2 3 | crifan@ubuntu:~/Desktop$ sudo -s[sudo] password for crifan: root@ubuntu:~/Desktop# usermod -a -G sudo crifan |
然后再去试试是否可行,结果不行,然后又去试了其他的:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | crifan@ubuntu:~/Desktop$ cd /opt/crifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: Permission deniedcrifan@ubuntu:/opt$ sudo -sroot@ubuntu:/opt# more /etc/sudoers## This file MUST be edited with the 'visudo' command as root.## Please consider adding local content in /etc/sudoers.d/ instead of# directly modifying this file.## See the man page for details on how to write a sudoers file.#Defaults env_resetDefaults mail_badpassDefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"# Host alias specification# User alias specification# Cmnd alias specification# User privilege specificationroot ALL=(ALL:ALL) ALL# Members of the admin group may gain root privileges%admin ALL=(ALL) ALL# Allow members of group sudo to execute any command%sudo ALL=(ALL:ALL) ALL# See sudoers(5) for more information on "#include" directives:root@ubuntu:/opt# cat /etc/sudoers## This file MUST be edited with the 'visudo' command as root.## Please consider adding local content in /etc/sudoers.d/ instead of# directly modifying this file.## See the man page for details on how to write a sudoers file.#Defaults env_resetDefaults mail_badpassDefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"# Host alias specification# User alias specification# Cmnd alias specification# User privilege specificationroot ALL=(ALL:ALL) ALL# Members of the admin group may gain root privileges%admin ALL=(ALL) ALL# Allow members of group sudo to execute any command%sudo ALL=(ALL:ALL) ALL# See sudoers(5) for more information on "#include" directives:#includedir /etc/sudoers.droot@ubuntu:/opt# usermod -a -G admin crifanusermod: group 'admin' does not existroot@ubuntu:/opt# exitexitcrifan@ubuntu:/opt$ |
重新logout后,再登陆试试,结果还是不行。
12.再去参考上面帖子,去试试:
给
/etc/sudoers
添加上:
%wheel ALL=(ALL) ALL
然后把自己加上:
usernod -a -G wheel crifan
结果总之还是不行:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | crifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: Permission deniedcrifan@ubuntu:/opt$ sudo gedit /etc/sudoers[sudo] password for crifan: (gedit:6653): IBUS-WARNING **: The owner of /home/crifan/.config/ibus/bus is not root!crifan@ubuntu:/opt$ sudo -sroot@ubuntu:/opt# usermod -a -G wheel crifanusermod: group 'wheel' does not existroot@ubuntu:/opt# usermod -G wheel crifanusermod: group 'wheel' does not existroot@ubuntu:/opt# usermod -a wheel crifanUsage: usermod [options] LOGINOptions: -c, --comment COMMENT new value of the GECOS field -d, --home HOME_DIR new home directory for the user account -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE -f, --inactive INACTIVE set password inactive after expiration to INACTIVE -g, --gid GROUP force use GROUP as new primary group -G, --groups GROUPS new list of supplementary GROUPS -a, --append append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups -h, --help display this help message and exit -l, --login NEW_LOGIN new value of the login name -L, --lock lock the user account -m, --move-home move contents of the home directory to the new location (use only with -d) -o, --non-unique allow using duplicate (non-unique) UID -p, --password PASSWORD use encrypted password for the new password -R, --root CHROOT_DIR directory to chroot into -s, --shell SHELL new login shell for the user account -u, --uid UID new UID for the user account -U, --unlock unlock the user account -Z, --selinux-user SEUSER new SELinux user mapping for the user accountroot@ubuntu:/opt# usermod -G wheel crifan^Croot@ubuntu:/opt# sudo -sroot@ubuntu:/opt# gedit /etc/sudoers(gedit:6802): IBUS-WARNING **: The owner of /home/crifan/.config/ibus/bus is not root!root@ubuntu:/opt# |
13.继续参考:
去给/etc/sudoers加上:
| crifan ALL=(ALL) ALL |
然后logout,再回来试试。
结果还是不行。
14.重启ubuntu试试,结果还是不行。
15.索性,还是参考:
去用此不太好,但是可用的办法吧:
1 | sudo gedit /etc/passwd |
将其中的:
1 | crifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bash |
改为:
1 | crifan:x:0:0:crifan li,,,:/home/crifan:/bin/bash |
logout,再进来试试,
但是结果右上角,都没有下拉菜单了。
而且打开终端会显示:
I have no name !!!
所以,还是去改回来吧。
结果都进不去了:
1 2 | I have no name!@ubuntu:~/Desktop$ sudo gedit /etc/passwdsudo: unknown uid 1000: who are you? |
结果只有强制关闭此Ubuntu虚拟机的电源才得以关闭,否则都没法关闭Ubuntu。。。
16.重启后,的确是可以用root权限创建文件夹了:
1 2 3 | root@ubuntu:~/Desktop# cd /opt/root@ubuntu:/opt# mkdir crosscompileroot@ubuntu:/opt# |
但是很明显,当前用户,不是我的crifan,而是root了。
所以,还是先去改回来:
1 | crifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bash |
然后重启Ubuntu。
17.参考:
https://help.ubuntu.com/community/RootSudo
去把之前添加到/etc/sudoers中的内容,放到最后,变成:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | ## This file MUST be edited with the 'visudo' command as root.## Please consider adding local content in /etc/sudoers.d/ instead of# directly modifying this file.## See the man page for details on how to write a sudoers file.#Defaults env_resetDefaults mail_badpassDefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"# Host alias specification# User alias specification# Cmnd alias specification# User privilege specificationroot ALL=(ALL:ALL) ALL# Members of the admin group may gain root privileges%admin ALL=(ALL) ALL# Allow members of group sudo to execute any command%sudo ALL=(ALL:ALL) ALL# See sudoers(5) for more information on "#include" directives:#includedir /etc/sudoers.d#%wheel ALL=(ALL) ALLcrifan ALL=NOPASSWD: ALL |
logout看看效果。还是没权限。
现在,目前,是已经实现了,使用sudo,可以不用输入密码了:
1 2 3 4 5 6 7 8 9 10 11 | crifan@ubuntu:~/Desktop$ cd /optcrifan@ubuntu:/opt$ lscrosscompilecrifan@ubuntu:/opt$ rmdir crosscompile/rmdir: failed to remove ‘crosscompile/’: Permission deniedcrifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: File existscrifan@ubuntu:/opt$ mkdir crosscompile2mkdir: cannot create directory ‘crosscompile2’: Permission deniedcrifan@ubuntu:/opt$ sudo rmdir crosscompile/crifan@ubuntu:/opt$ |
18.但是,其实更希望做到的是:
以crifan用户登陆,每次操作,连sudo都不需要输入,即可用于super user的权限。
发现这人:
和我需求是一样的。
参考其中的解释,打算去:
把id都改为0,但是是先创建一个新的用户,比如crifan2013,然后把crifan2013的id都改为0,然后就自动,好像变成了root用户了,就不用输入sudo了。
不过打算先去试试另外那个方法,把密码留空。
弄了半天,结果就是,把
/etc/shadow
最后一行中的,自己用户的密码,去掉,即从:
1 | crifan:$1$NH4QMkeN$pzTmJ07F.tF3T3H75Kw5R.:15924:0:99999:7::: |
变成:
1 | crifan::15924:0:99999:7::: |
但是此此处去执行sudo却还是没权限:
1 | crifan@ubuntu:/opt$ sudo sed "s/\(^$whoami):[^:]*/\1/" /etc/shadow > /etc/shadowbash: /etc/shadow: Permission denied |
所以,还是手动去修改算了。
然后logout试试。
结果还是和之前一样的效果而已:
1 2 3 4 5 | crifan@ubuntu:/opt$ lscrifan@ubuntu:/opt$ mkdir crosscompilemkdir: cannot create directory ‘crosscompile’: Permission deniedcrifan@ubuntu:/opt$ sudo mkdir crosscompilecrifan@ubuntu:/opt$ |
比如还是要输入sudo才行的。虽然无需再输入密码。
所以,还是用之前的:
"把id都改为0,但是是先创建一个新的用户,比如crifan2013,然后把crifan2013的id都改为0,然后就自动,好像变成了root用户了,就不用输入sudo了。"
去新建一个用户:
(1)参考:
How do I create an admin user on Ubuntu?
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | crifan@ubuntu:/opt$ sudo adduser crifan2013Adding user `crifan2013' ...Adding new group `crifan2013' (1001) ...Adding new user `crifan2013' (1001) with group `crifan2013' ...Creating home directory `/home/crifan2013' ...Copying files from `/etc/skel' ...Enter new UNIX password: Retype new UNIX password: passwd: password updated successfullyChanging the user information for crifan2013Enter the new value, or press ENTER for the default Full Name []: crifan li 2013 Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] ycrifan@ubuntu:/opt$ sudo adduser crifan2013 adminadduser: The group `admin' does not exist.crifan@ubuntu:/opt$ sudo adduser crifan2013 sudoAdding user `crifan2013' to group `sudo' ...Adding user crifan2013 to group sudoDone. |
(2)把/etc/passwd中的:
1 | crifan2013:x:1001:1001:crifan li 2013,,,:/home/crifan2013:/bin/bash |
改为:
1 | crifan2013:x:0:0:crifan li 2013,,,:/home/crifan2013:/bin/bash |
(3)给/etc/sudoers中最后添加:
1 | crifan2013 ALL=NOPASSWD: ALL |
(4)重启Ubuntu,用crifan2013登陆。
结果竟然没有crifan2013这个用户。。。
后来才发现,比如去:
sudo gedit /etc/passwd
中把其uid和gid都恢复到原先的1001:
1 | sudo gedit /etc/passwd |
然后才能出现新的crifan2013这个用户。
然后用此用户登陆后,再去到
sudo gedit /etc/passwd
中,把id都改为0:
1 | sudo gedit /etc/passwd |
重启ubuntu试试。结果就还是没有了crifan2013这个用户。
即,还是没有实现所要的效果。
19.参考:
先去开启了root。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | crifan@ubuntu:/opt$ sudo passwd rootEnter new UNIX password: Retype new UNIX password: passwd: password updated successfullycrifan@ubuntu:/opt$ sudo cat /etc/passwdroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsemessagebus:x:102:105::/var/run/dbus:/bin/falseavahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/falseusbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/falsednsmasq:x:105:65534:dnsmasq,,,:/var/lib/misc:/bin/falsewhoopsie:x:106:110::/nonexistent:/bin/falsekernoops:x:107:65534:Kernel Oops Tracking Daemon,,,:/:/bin/falsertkit:x:108:114:RealtimeKit,,,:/proc:/bin/falsespeech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/shlightdm:x:110:116:Light Display Manager:/var/lib/lightdm:/bin/falseavahi:x:111:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/falsecolord:x:112:120:colord colour management daemon,,,:/var/lib/colord:/bin/falsepulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/falsehplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/falsesaned:x:115:123::/home/saned:/bin/falsecrifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bashcrifan2013:x:1001:1001:crifan li 2013,,,:/home/crifan2013:/bin/bashcrifan@ubuntu:/opt$ |
【总结】
至此,还是没有实现要的效果:
可以将普通用户crifan变成sudo(超级用户),使得,每次做任何操作,都,本身已有sudo权限,且不用输入sudo。
目前只能实现的效果是:
以crifan登陆,无需密码就可以登陆;
在crifan使用sudo时,无需输入sudo的密码了;