Ubuntu添加用户并赋予sudo权限

---

前言

趁着华为云双十一优惠买了个服务器，尝试搭建一些服务。记录一次新增用户、安装mosqitto、从另外一个服务器转移文件的经历。

服务器是Ubuntu20.04系统。

---

一、新增用户

1.新增用户lyf

首先查看useradd的用法：

root@hecs-80182:~# useradd -h
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

Options:
      --badnames                do not check for bad names
  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
      --btrfs-subvolume-home    use BTRFS subvolume for home directory
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
      --extrausers              Use the extra users database

现在想新增lyf用户，先尝试：

useradd lyf

会发现/home目录下没有用户文件夹，先删除这个用户：
查看userdel：

root@hecs-80182:~# userdel -h
Usage: userdel [options] LOGIN

Options:
  -f, --force                   force removal of files,
                                even if not owned by user
  -h, --help                    display this help message and exit
  -r, --remove                  remove home directory and mail spool
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files
      --extrausers              Use the extra users database
  -Z, --selinux-user            remove any SELinux user mapping for the user

使用命令：

userdel -r lyf

尝试使用-m选项：

useradd -m lyf

系统自动新建了用户目录：

root@hecs-80182:~# ls /home
lyf

但是登录lyf后发现默认仍是/root目录，而且不显示用户名和主机名！查阅资料后发现是没有配置shell，把新建用户命令进一步修改为¹：

useradd -s /bin/bash -m lyf

完成！

---

2.设置密码

passwd命令：

root@hecs-80182:~# passwd -h
Usage: passwd [options] [LOGIN]

Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the password of the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -R, --root CHROOT_DIR         directory to chroot into
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the password of the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximum number of days before password
                                change to MAX_DAYS

使用

passwd lyf

输入两次密码：

root@hecs-80182:~# passwd lyf
New password:
Retype new password:
passwd: password updated successfully

切换用户用su命令：

su lyf

---

3.更改用户组，让新用户有sudo权限

groups查看当前用户的组信息。
id、id 用户名查看组信息。²

现在lyf是没有sudo权限的，我们为它添加附加群组。
usermod命令：

root@hecs-80182:/home/lyf# usermod -h
Usage: usermod [options] LOGIN

Options:
  -b, --badnames                allow bad names
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                the user from other groups
  -h, --help                    display this help message and exit
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
  
  -s, --shell SHELL             new login shell for the user account

（省略了暂时用不上的选项）
尝试³

usermod -aG sudo lyf

测试发现lyf已经拥有sudo的权限了。
到此为止，准备工作完成。

---

二、安装mosquitto配置mqtt

1.安装

依次运行下面的命令，先添加仓库再安装，否则安装的是旧版本。⁴

sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt install mosquitto mosquitto-clients

2.配置文件

我的目标是能用账号登录，在默认的1883端口对任意IPv4开放服务。

设置密码

生成密钥文件：
使用mosquitto_passwd工具：
用法：

mosquitto_passwd is a tool for managing password files for mosquitto.

Usage: mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c | -D] passwordfile username
       mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c] -b passwordfile username password
       mosquitto_passwd -U passwordfile
 -b : run in batch mode to allow passing passwords on the command line.
 -c : create a new password file. This will overwrite existing files.
 -D : delete the username rather than adding/updating its password.
 -H : specify the hashing algorithm. Defaults to sha512-pbkdf2, which is recommended.
      Mosquitto 1.6 and earlier defaulted to sha512.
 -U : update a plain text password file to use hashed passwords.

See https://mosquitto.org/ for more information.

我具体使用如下

sudo mosquitto_passwd -c /etc/mosquitto/pwfile.conf lyf

然后按提示两次输入密码即可。
第一次使用-c选项新建文件，后续新增用户不需要再加这个选项，否则会覆盖掉前面的信息。
再次添加用户：

sudo mosquitto_passwd /etc/mosquitto/pwfile.conf bb

删除用户加上-D选项：

sudo mosquitto_passwd -D /etc/mosquitto/pwfile.conf bb

---

编辑配置文件

配置文件的路径为/etc/mosquitto/mosquitto.conf,官方提供的配置文件说明在这里。
为了实现我的基本目标，把安装软件后自带的配置文件修改为：

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

# 下面是新增的内容
# 禁止匿名访问
allow_anonymous false

# 密码配置文件的路径
password_file /etc/mosquitto/pwfile.conf

# 监听1883端口,接受所有IPv4
listener 1883 0.0.0.0

重启服务

sudo service mosquitto restart

进行测试，确实能用 😄

---

总结

有点麻烦，慢慢来。

参考文献

---

1. linux useradd 命令基本用法 ↩︎

2. Linux查看用户组具体方法 ↩︎

3. Linux命令之设置附加组和用户登录Shell ↩︎

4. mosquitto官网下载页面 ↩︎