本文共 8538 字,大约阅读时间需要 28 分钟。
Adding and removing users on a Linux system is one of the most important system administration tasks to familiarize yourself with. When you create a new system, you are often only given access to the root account by default.
在Linux系统上添加和删除用户是您熟悉的最重要的系统管理任务之一。 创建新系统时,默认情况下通常仅授予您对根帐户的访问权限。
While running as the root user gives you complete control over a system and its users, it is also dangerous and can be destructive. For common system administration tasks, it is a better idea to add an unprivileged user and carry out those tasks without root privileges. You can also create additional unprivileged accounts for any other users you may have on your system. Each user on a system should have their own separate account.
以root用户身份运行时,可以完全控制系统及其用户,但这样做也是危险的,并且可能具有破坏性。 对于常见的系统管理任务,最好添加一个非特权用户并在没有root特权的情况下执行那些任务。 您还可以为系统上可能拥有的任何其他用户创建其他非特权帐户。 系统上的每个用户都应拥有各自的帐户。
For tasks that require administrator privileges, there is a tool installed on Ubuntu systems called sudo
. Briefly, sudo
allows you to run a command as another user, including users with administrative privileges. In this guide we will cover how to create user accounts, assign sudo
privileges, and delete users.
对于需要管理员特权的任务,在Ubuntu系统上安装了一个名为sudo
的工具。 简而言之, sudo
允许您以另一个用户(包括具有管理特权的用户)的身份运行命令。 在本指南中,我们将介绍如何创建用户帐户,分配sudo
权限以及删除用户。
To follow along with this guide, you will need:
要遵循本指南,您将需要:
Access to a server running Ubuntu 18.04. Ensure that you have root access to the server. To set this up, follow our .
访问运行Ubuntu 18.04的服务器。 确保您具有对服务器的超级用户访问权限。 要进行设置,请遵循我们 。
If you are signed in as the root user, you can create a new user at any time by typing:
如果您以root用户身份登录,则可以随时输入以下内容来创建新用户:
adduser newuser
adduser的NEWUSER
If you are signed in as a non-root user who has been given sudo
privileges, you can add a new user by typing:
如果您以具有sudo
特权的非root用户身份登录,则可以通过输入以下内容添加新用户:
sudo adduser newuser
须藤adduser newuser
Either way, you will be asked a series of questions. The procedure will be:
无论哪种方式,都会向您询问一系列问题。 该过程将是:
Enter any additional information about the new user. This is entirely optional and can be skipped by hitting ENTER
if you don’t wish to utilize these fields.
输入有关新用户的任何其他信息。 这是完全可选的,如果您不希望使用这些字段,可以通过按ENTER
跳过。
Finally, you’ll be asked to confirm that the information you provided was correct. Enter Y
to continue.
最后,系统会要求您确认您提供的信息正确无误。 输入Y
继续。
Your new user is now ready for use. You can now log in using the password that you entered.
您的新用户现在可以使用了。 现在,您可以使用输入的密码登录。
If you need your new user to have access to administrative functionality, continue on to the next section.
如果您需要新用户访问管理功能,请继续下一节。
If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo
. Let’s examine two approaches to this problem: adding the user to a pre-defined sudo , and specifying privileges on a per-user basis in sudo
’s configuration.
如果您的新用户应具有执行具有root(管理)特权的命令的能力,则需要向新用户授予sudo
访问权限。 让我们研究解决此问题的两种方法:将用户添加到预定义的sudo ,以及在sudo
的配置中基于每个用户指定特权。
By default, sudo
on Ubuntu 18.04 systems is configured to extend full privileges to any user in the sudo group.
默认情况下,Ubuntu 18.04系统上的sudo
配置为将全部特权扩展到sudo组中的任何用户。
You can see what groups your new user is in with the groups
command:
您可以使用groups
命令查看新用户所属的groups
:
groups newuser
分组newuser
Output newuser : newuser
By default, a new user is only in their own group which adduser
creates along with the user profile. A user and its own group share the same name. In order to add the user to a new group, we can use the usermod
command:
默认情况下,新用户仅位于adduser
与用户配置文件一起创建的自己的组中。 用户和自己的组共享相同的名称。 为了将用户添加到新组,我们可以使用usermod
命令:
usermod -aG sudo newuser
usermod -aG sudo newuser
The -aG
option here tells usermod
to add the user to the listed groups.
这里的-aG
选项告诉usermod
将用户添加到列出的组中。
As an alternative to putting your user in the sudo group, you can use the visudo
command, which opens a configuration file called /etc/sudoers
in the system’s default editor, and explicitly specify privileges on a per-user basis.
作为将用户置于sudo组中的替代方法,可以使用visudo
命令,该命令在系统的默认编辑器中打开一个名为/etc/sudoers
的配置文件,并根据每个用户显式指定特权。
Using visudo
is the only recommended way to make changes to /etc/sudoers
, because it locks the file against multiple simultaneous edits and performs a sanity check on its contents before overwriting the file. This helps to prevent a situation where you misconfigure sudo
and are prevented from fixing the problem because you have lost sudo
privileges.
推荐使用visudo
来更改/etc/sudoers
的唯一方法,因为使用visudo
可以锁定文件以防止同时进行多次编辑,并在覆盖文件之前对其内容进行完整性检查。 这有助于防止您错误配置sudo
并防止由于丢失sudo
特权而导致无法解决问题的情况。
If you are currently signed in as root, type:
如果您当前以root用户身份登录,请输入:
If you are signed in as a non-root user with sudo
privileges, type:
如果您以具有sudo
特权的非root用户身份登录,请键入:
Traditionally, visudo
opened /etc/sudoers
in the vi
editor, which can be confusing for inexperienced users. By default on new Ubuntu installations, visudo
will instead use nano
, which provides a more convenient and accessible text editing experience. Use the arrow keys to move the cursor, and search for the line that looks like this:
传统上, visudo
在vi
编辑器中打开/etc/sudoers
,这会使经验不足的用户感到困惑。 默认情况下,在新的Ubuntu安装上, visudo
将改为使用nano
,这将提供更方便和可访问的文本编辑体验。 使用箭头键移动光标,然后搜索如下所示的行:
root ALL=(ALL:ALL) ALL
Below this line, add the following highlighted line. Be sure to change newuser
to the name of the user profile that you would like to grant sudo
privileges:
在此行下方,添加以下突出显示的行。 确保将newuser
更改为您想要授予sudo
特权的用户配置文件的名称:
root ALL=(ALL:ALL) ALLnewuser ALL=(ALL:ALL) ALL
Add a new line like this for each user that should be given full sudo
privileges. When you are finished, you can save and close the file by hitting CTRL+X
, followed by Y
, and then ENTER
to confirm.
为应该被赋予完全sudo
权限的每个用户添加这样的新行。 完成后,可以通过按CTRL+X
,然后按Y
,然后按ENTER
进行确认,以保存并关闭文件。
Now, your new user is able to execute commands with administrative privileges.
现在,您的新用户可以执行具有管理特权的命令。
When signed in as the new user, you can execute commands as your regular user by typing commands as normal:
以新用户身份登录后,您可以像普通用户一样通过正常键入命令来执行命令:
You can execute the same command with administrative privileges by typing sudo
ahead of the command:
您可以通过在命令前键入sudo
以管理特权执行同一命令:
You will be prompted to enter the password of the regular user account you are signed in as.
系统将提示您输入登录时使用的普通用户帐户的密码。
In the event that you no longer need a user, it is best to delete the old account.
如果您不再需要用户,最好删除旧帐户。
You can delete the user itself, without deleting any of their files, by typing the following command as root:
您可以通过以root身份键入以下命令来删除用户本身,而不删除其任何文件:
deluser newuser
删除用户newuser
If you are signed in as another non-root user with sudo
privileges, you could instead type:
如果您以具有sudo
特权的另一个非root用户身份登录,则可以键入:
sudo deluser newuser
须藤deluser NEWUSER
If, instead, you want to delete the user’s home directory when the user is deleted, you can issue the following command as root:
相反,如果要在删除用户时删除用户的主目录,则可以以root身份发出以下命令:
deluser --remove-home newuser
deluser --remove家庭NEWUSER
If you’re running this as a non-root user with sudo
privileges, you would instead type:
如果您以具有sudo
特权的非root用户身份运行此sudo
,则应输入:
sudo deluser --remove-home newuser
sudo deluser-删除主目录newuser
If you had previously configured sudo
privileges for the user you deleted, you may want to remove the relevant line again by typing:
如果您先前为删除的用户配置了sudo
特权,则可能需要输入以下内容来再次删除相关行:
Or use this if you are a non-root user with sudo
privileges:
如果您是具有sudo
特权的非root用户,请使用以下sudo
:
root ALL=(ALL:ALL) ALLnewuser ALL=(ALL:ALL) ALL # DELETE THIS LINE
This will prevent a new user created with the same name from being accidentally given sudo
privileges.
这样可以防止意外为具有相同名称的新用户授予sudo
特权。
You should now have a fairly good handle on how to add and remove users from your Ubuntu 18.04 system. Effective user management will allow you to separate users and give them only the access that they are required to do their job.
现在,您应该对如何在Ubuntu 18.04系统中添加和删除用户有了一个很好的了解。 有效的用户管理将使您能够分隔用户,并仅向他们提供完成其工作所需的访问权限。
For more information about how to configure sudo
, check out our guide on here.
有关如何配置sudo
更多信息,请在此处查看有关指南。
翻译自:
转载地址:http://jlhgb.baihongyu.com/