UbuntuHelp:UbuntuLTSP/CreateChrootAdminAcct
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
| This page is specific to Ubuntu versions 8.04, 8.10, 9.04, 9.10 and 10.04 |
If you find this information applicable to additional versions/releases, please edit this page and modify this header to reflect that. Please also include any necessary modifications for this information to apply to the additional versions.
NOTE: Please use this page as a reference for other pages instead of simply copying the code.
目录
Create admin account
By default in Ubuntu (server and chroot filesystems), the 'root' account is locked and users are advised to use 'sudo' to perform administrative tasks. This is a good idea. This page is dedicated to creating an administrative user account in the LTSP client chroot environment. To become root, the adminname user only needs to:
sudo -s -H
- Create an adminname account inside the chroot:
- NOTE: In the visudo step add to end of /etc/sudoers file:
# Members of the sudo group may gain root privileges %sudo ALL=(ALL) ALL
sudo -s -H chroot /opt/ltsp/i386 useradd -m adminname -G sudo passwd adminname visudo exit exit
- Lastly, update the client image to reflect the changes we just made:
sudo ltsp-update-image
- Alternatively, if you have a 64-bit server and 32-bit thin clients, use this command instead, both this time and throughout the rest of this page.
sudo ltsp-update-image --arch i386
How to 'lock' the account
sudo chroot /opt/ltsp/i386 passwd -l adminname sudo ltsp-update-image
How to 'unlock' the account
sudo chroot /opt/ltsp/i386 passwd -u adminname sudo ltsp-update-image
Additional security measure
Disable root login by editing sshd_config
sudo vi /opt/ltsp/i386/etc/ssh/sshd_config
Change PermitRootLogin to no:
PermitRootLogin no
Maybe add a security Banner
#Banner /etc/issue.net Banner /etc/ssh/warning
Then create the warning file:
sudo vi /opt/ltsp/i386/etc/ssh/warning
Something like:
*** WARNING *** THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE ONLY.
Finally again
sudo ltsp-update-image
