【问题】
已安装一个Ubuntu虚拟机。
在其中想要折腾开发方面的事情。
需要去到opt下建立文件夹,结果竟然说没权限:
crifan@ubuntu:~/develop$ pwd /home/crifan/develop crifan@ubuntu:~/develop$ cd /opt/ crifan@ubuntu:/opt$ ls crifan@ubuntu:/opt$ mkdir crosscompile mkdir: cannot create directory ‘crosscompile’: Permission denied crifan@ubuntu:/opt$ users crifan crifan crifan@ubuntu:/opt$
所以,现在希望:
每次,使用当前的普通用户,登陆后,即可具有超级用户sudo的权限。
不希望再每次输入sudo,直接用。
即把当前用户,提升权限,变成超级用户。
【折腾过程】
1.网上搜了一堆,都是开启Ubuntu的root用户的,对我此处没啥意义。
2.参考:
regular user to admin user in linux?
中提到了:sudoers
去看了看,感觉不适合我。
其只是,将用户变成对于某些东西有sudo 的权限,但是用起来,还是需要输入sudo的,还是很麻烦。
3.继续参考上面的解释,说是可以把当前用户加到wheel or admin group。
不太懂wheel是啥。以及如何添加。
关于为何管理员组,被叫做wheel,这里有解释:
More trivia: origin of the wheel group
4.然后去想办法,把当前用户加到管理员组里面。
搜:
ubuntu Add user to the wheel group
找到
Configuring sudo and adding users to Wheel group
然后去修改
/etc/sudoers
但是:
一是没有%wheel
二是要加的:
# usermod -G10 user1
也看起来不对:#明显是注释掉了此行而已
所以,放弃此人的教程。
5.搜:
ubuntu Add user to the root group
参考:
Ubuntu Linux: Add a User To Group
去看看这些相关的命令:
crifan@ubuntu:/opt$ su -
Password:
su: Authentication failure
crifan@ubuntu:/opt$ sudo -s
root@ubuntu:/opt# usermode --help
No command 'usermode' found, did you mean:
Command 'usermod' from package 'passwd' (main)
usermode: command not found
root@ubuntu:/opt# usermod --help
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
root@ubuntu:/opt# 6.但是仍旧不知道当前,存在哪些group。
参考:
Can I add myself to group `root’?
貌似默认的是root这个group。
7.所以,可以去试试:
root@ubuntu:/opt# usermod -a -G root crifan
8.然后再退出当前root用户:
root@ubuntu:/opt# exit exit
去使用crifan,看看能否创建文件夹,结果还是不行:
crifan@ubuntu:/opt$ mkdir crosscompile mkdir: cannot create directory ‘crosscompile’: Permission denied
9.然后logout注销:
重新用crifan登陆,再试试,结果还是不行。
10.算了,还是进入系统管理工具里面, 试试如何把当前的用户,添加到root组里面。
结果发现,当前用户,已经是administrator了:
而且貌似无法更改属于哪个组。
11.看来还是需要想别的办法。
参考:
How do I create an admin user on Ubuntu?
去试试:
crifan@ubuntu:~/Desktop$ sudo -s [sudo] password for crifan: root@ubuntu:~/Desktop# usermod -a -G sudo crifan
然后再去试试是否可行,结果不行,然后又去试了其他的:
crifan@ubuntu:~/Desktop$ cd /opt/ crifan@ubuntu:/opt$ mkdir crosscompile mkdir: cannot create directory ‘crosscompile’: Permission denied crifan@ubuntu:/opt$ sudo -s root@ubuntu:/opt# more /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/ sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: root@ubuntu:/opt# cat /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d root@ubuntu:/opt# usermod -a -G admin crifan usermod: group 'admin' does not exist root@ubuntu:/opt# exit exit crifan@ubuntu:/opt$
重新logout后,再登陆试试,结果还是不行。
12.再去参考上面帖子,去试试:
给
/etc/sudoers
添加上:
%wheel ALL=(ALL) ALL
然后把自己加上:
usernod -a -G wheel crifan
结果总之还是不行:
crifan@ubuntu:/opt$ mkdir crosscompile
mkdir: cannot create directory ‘crosscompile’: Permission denied
crifan@ubuntu:/opt$ sudo gedit /etc/sudoers
[sudo] password for crifan:
(gedit:6653): IBUS-WARNING **: The owner of /home/crifan/.config/ibus/bus is not root!
crifan@ubuntu:/opt$ sudo -s
root@ubuntu:/opt# usermod -a -G wheel crifan
usermod: group 'wheel' does not exist
root@ubuntu:/opt# usermod -G wheel crifan
usermod: group 'wheel' does not exist
root@ubuntu:/opt# usermod -a wheel crifan
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
root@ubuntu:/opt# usermod -G wheel crifan^C
root@ubuntu:/opt# sudo -s
root@ubuntu:/opt# gedit /etc/sudoers
(gedit:6802): IBUS-WARNING **: The owner of /home/crifan/.config/ibus/bus is not root!
root@ubuntu:/opt# 13.继续参考:
去给/etc/sudoers加上:
| crifan ALL=(ALL) ALL |
然后logout,再回来试试。
结果还是不行。
14.重启ubuntu试试,结果还是不行。
15.索性,还是参考:
去用此不太好,但是可用的办法吧:
sudo gedit /etc/passwd
将其中的:
crifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bash
改为:
crifan:x:0:0:crifan li,,,:/home/crifan:/bin/bash
logout,再进来试试,
但是结果右上角,都没有下拉菜单了。
而且打开终端会显示:
I have no name !!!
所以,还是去改回来吧。
结果都进不去了:
I have no name!@ubuntu:~/Desktop$ sudo gedit /etc/passwd sudo: unknown uid 1000: who are you?
结果只有强制关闭此Ubuntu虚拟机的电源才得以关闭,否则都没法关闭Ubuntu。。。
16.重启后,的确是可以用root权限创建文件夹了:
root@ubuntu:~/Desktop# cd /opt/ root@ubuntu:/opt# mkdir crosscompile root@ubuntu:/opt#
但是很明显,当前用户,不是我的crifan,而是root了。
所以,还是先去改回来:
crifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bash
然后重启Ubuntu。
17.参考:
https://help.ubuntu.com/community/RootSudo
去把之前添加到/etc/sudoers中的内容,放到最后,变成:
# # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d #%wheel ALL=(ALL) ALL crifan ALL=NOPASSWD: ALL
logout看看效果。还是没权限。
现在,目前,是已经实现了,使用sudo,可以不用输入密码了:
crifan@ubuntu:~/Desktop$ cd /opt crifan@ubuntu:/opt$ ls crosscompile crifan@ubuntu:/opt$ rmdir crosscompile/ rmdir: failed to remove ‘crosscompile/’: Permission denied crifan@ubuntu:/opt$ mkdir crosscompile mkdir: cannot create directory ‘crosscompile’: File exists crifan@ubuntu:/opt$ mkdir crosscompile2 mkdir: cannot create directory ‘crosscompile2’: Permission denied crifan@ubuntu:/opt$ sudo rmdir crosscompile/ crifan@ubuntu:/opt$
18.但是,其实更希望做到的是:
以crifan用户登陆,每次操作,连sudo都不需要输入,即可用于super user的权限。
发现这人:
和我需求是一样的。
参考其中的解释,打算去:
把id都改为0,但是是先创建一个新的用户,比如crifan2013,然后把crifan2013的id都改为0,然后就自动,好像变成了root用户了,就不用输入sudo了。
不过打算先去试试另外那个方法,把密码留空。
弄了半天,结果就是,把
/etc/shadow
最后一行中的,自己用户的密码,去掉,即从:
crifan:$1$NH4QMkeN$pzTmJ07F.tF3T3H75Kw5R.:15924:0:99999:7:::
变成:
crifan::15924:0:99999:7:::
但是此此处去执行sudo却还是没权限:
crifan@ubuntu:/opt$ sudo sed "s/\(^$whoami):[^:]*/\1/" /etc/shadow > /etc/shadowbash: /etc/shadow: Permission denied
所以,还是手动去修改算了。
然后logout试试。
结果还是和之前一样的效果而已:
crifan@ubuntu:/opt$ ls crifan@ubuntu:/opt$ mkdir crosscompile mkdir: cannot create directory ‘crosscompile’: Permission denied crifan@ubuntu:/opt$ sudo mkdir crosscompile crifan@ubuntu:/opt$
比如还是要输入sudo才行的。虽然无需再输入密码。
所以,还是用之前的:
"把id都改为0,但是是先创建一个新的用户,比如crifan2013,然后把crifan2013的id都改为0,然后就自动,好像变成了root用户了,就不用输入sudo了。"
去新建一个用户:
(1)参考:
How do I create an admin user on Ubuntu?
crifan@ubuntu:/opt$ sudo adduser crifan2013 Adding user `crifan2013' ... Adding new group `crifan2013' (1001) ... Adding new user `crifan2013' (1001) with group `crifan2013' ... Creating home directory `/home/crifan2013' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for crifan2013 Enter the new value, or press ENTER for the default Full Name []: crifan li 2013 Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] y crifan@ubuntu:/opt$ sudo adduser crifan2013 admin adduser: The group `admin' does not exist. crifan@ubuntu:/opt$ sudo adduser crifan2013 sudo Adding user `crifan2013' to group `sudo' ... Adding user crifan2013 to group sudo Done.
(2)把/etc/passwd中的:
crifan2013:x:1001:1001:crifan li 2013,,,:/home/crifan2013:/bin/bash
改为:
crifan2013:x:0:0:crifan li 2013,,,:/home/crifan2013:/bin/bash
(3)给/etc/sudoers中最后添加:
crifan2013 ALL=NOPASSWD: ALL
(4)重启Ubuntu,用crifan2013登陆。
结果竟然没有crifan2013这个用户。。。
后来才发现,比如去:
sudo gedit /etc/passwd
中把其uid和gid都恢复到原先的1001:
sudo gedit /etc/passwd
然后才能出现新的crifan2013这个用户。
然后用此用户登陆后,再去到
sudo gedit /etc/passwd
中,把id都改为0:
sudo gedit /etc/passwd
重启ubuntu试试。结果就还是没有了crifan2013这个用户。
即,还是没有实现所要的效果。
19.参考:
先去开启了root。
crifan@ubuntu:/opt$ sudo passwd root Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully crifan@ubuntu:/opt$ sudo cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false usbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:105:65534:dnsmasq,,,:/var/lib/misc:/bin/false whoopsie:x:106:110::/nonexistent:/bin/false kernoops:x:107:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:108:114:RealtimeKit,,,:/proc:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh lightdm:x:110:116:Light Display Manager:/var/lib/lightdm:/bin/false avahi:x:111:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false colord:x:112:120:colord colour management daemon,,,:/var/lib/colord:/bin/false pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false saned:x:115:123::/home/saned:/bin/false crifan:x:1000:1000:crifan li,,,:/home/crifan:/bin/bash crifan2013:x:1001:1001:crifan li 2013,,,:/home/crifan2013:/bin/bash crifan@ubuntu:/opt$
【总结】
至此,还是没有实现要的效果:
可以将普通用户crifan变成sudo(超级用户),使得,每次做任何操作,都,本身已有sudo权限,且不用输入sudo。
目前只能实现的效果是:
以crifan登陆,无需密码就可以登陆;
在crifan使用sudo时,无需输入sudo的密码了;