1. 概述
在Linux中,一些命令只能由 root 用户执行。超级用户可以访问系统中的所有资源和命令。
直接使用 root 权限是很危险的,在Linux中鼓励使用sudo。这是一条为普通用户提供超级用户特权的命令,以执行管理任务所需的特权。 使用 sudo 时,我们可能会遇到 "Username Is Not in the Sudoers File. This Incident Will Be Reported" 的错误。
本文我们将学习该问题产生的原因和解决办法。
2. 错误原因
该错误的原因是当前用户没有sudo权限。如果是系统管理员处于安全考虑而故意限制了我们的访问权限,则不应当修复这个问题,而是遵守规则。
下面,我们复现这个错误:
$ sudo ls
[sudo] password for francis:
francis is not in the sudoers file. This incident will be reported.
'francis is not in the sudoers file' -- 用户 francis 不在 sudoers 文件中。sudoers 文件 定义了 sudo 相关任务的用户和用户组权限。
'This incident will be reported' -- 表明Linux会创建一个关于本次操作的报告。这个报告记录了这个 sudo 事件发生时发生了什么。
3. 添加用户名到 sudoers 文件
如确实需要为用户分配权限,则将其添加到 sudoers 文件中。首先我们需要切换到 root 用户:
$ su root
Password:
然后我们可以就使用文件编辑器如nano或者 vim 编辑sudoers文件。
# nano /etc/sudoers
我们为 francis 用户添加超级用户权限
# User privilege specification
root ALL=(ALL:ALL) ALL
francis ALL=(ALL:ALL) ALL
Now francis can perform tasks that require root access.
Shortly after making the change, we need to save these changes and exit from the text editor. To do this, we’ll press the keyboard keys CTRL+X to exit, Y to save, and Enter to submit. Finally, we can exit from the root session.
4. 添加用户名到 sudo 组
As in the solution above, it’s important that we first switch to the root user:
$ su root
Password:
The su command allows us to perform tasks with the permissions of another user, which in this case is root.
Next, we’ll show the contents of the sudoers file. We’ll focus on the lines that declare the privileges of users, as well as those of user groups:
# cat /etc/sudoers
...
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
...
As shown above, the root user and the members of the admin and sudo groups have superuser privileges. Then again, the sudo group is present, since we’re in a Debian-based distribution. In a Red Hat-based Linux distribution, we’ll encounter the wheel user group instead. It’s the equivalent of the sudo user group for Red Hat-based distributions.
Now, since we’re operating in Debian, let’s add our user to the sudo group:
# usermod -aG sudo francis
Here, the usermod command allows us to modify our user’s attributes. In particular, we use the -G option to declare that we’d like to update the group information for our user francis. Also, the -a option makes certain that other groups associated with this user aren’t deleted in the process. As a result, francis can now perform administrative tasks with sudo. In Red Hat distros, replacing sudo with wheel provides similar results.
Once we’re through, we’ll exit from the root user session:
# exit
exit
Now we’re back to our previous user session.
5. 总结
In this article, we briefly explained the meaning of the Linux error ‘Username is not in the sudoers file. This incident will be reported.’ Then we demonstrated two applicable solutions to solve this issue.