Changing the default minimum UID and GID for new accounts, and other account-creation settings, on RHEL 7 or CentOS 7
2017-12-20 11:04
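As most people know, UIDs below 1000 are reserved for the system on Linux. Arbitrarily changing the UID of certain accounts can stop some programs from working, or even keep the system from running properly. The specific mappings are listed in /usr/share/doc/setup-2.8.71/uidgid; the path may differ between versions, so you can use the wildcard /usr/share/doc/setup*/uidgid.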
```
NAME                     UID     GID     HOME                            SHELL             PACKAGES
root                     0       0       /root                           /bin/bash         setup
bin                      1       1       /bin                            /sbin/nologin     setup
daemon                   2       2       /sbin                           /sbin/nologin     setup
sys                      -       3       -                               -                 setup
adm                      3       4       /var/adm                        /bin/bash         setup
tty                      -       5       -                               -                 setup
disk                     -       6       -                               -                 setup
lp                       4       7       /var/spool/lpd                  /sbin/nologin     setup
mem                      -       8       -                               -                 setup
kmem                     -       9       -                               -                 setup
wheel                    -       10      -                               -                 setup
cdrom                    -       11      -                               -                 setup
sync                     5       (0)     /sbin                           /bin/sync         setup
shutdown                 6       (0)     /sbin                           /sbin/shutdown    setup
halt                     7       (0)     /sbin                           /sbin/halt        setup
mail                     8       12      /var/spool/mail                 /sbin/nologin     setup
news                     9       13      /var/spool/news                 /sbin/nologin     setup
uucp                     10      14      /var/spool/uucp                 /sbin/nologin     uucp
operator                 11      (0)     /root                           /sbin/nologin     setup
games                    12      (100)   /usr/games                      /sbin/nologin     setup
gopher                   13      30      /var/gopher                     /sbin/nologin     -(not created by default)
ftp                      14      50      /var/ftp                        /sbin/nologin     setup
man                      -       15      -                               -                 setup
oprofile                 16      16      /var/lib/oprofile               /sbin/nologin     oprofile
pkiuser                  17      17      /usr/share/pki                  /sbin/nologin     pki-ca,rhpki-ca
dialout                  -       18      -                               -                 setup
floppy                   -       19      -                               -                 setup
games                    -       20      -                               -                 setup
slocate                  -       21      -                               -                 slocate
utmp                     -       22      -                               -                 initscripts,libutempter
squid                    23      23      /var/spool/squid                /dev/null         squid
pvm                      24      24      /usr/share/pvm3                 /bin/bash         pvm
named                    25      25      /var/named                      /bin/false        bind
postgres                 26      26      /var/lib/pgsql                  /bin/bash         postgresql-server
mysql                    27      27      /var/lib/mysql                  /bin/bash         mysql
nscd                     28      28      /                               /bin/false        nscd
rpcuser                  29      29      /var/lib/nfs                    /bin/false        nfs-utils
console                  -       31      -                               -                 dev
rpc                      32      32      /                               /bin/false        portmap
amandabackup             33      (6)     /var/lib/amanda                 /bin/false        amanda
tape                     -       33      -                               -                 setup
netdump                  34      34      /var/crash                      /bin/bash         netdump-client, netdump-server
utempter                 -       35      -                               -                 libutempter
vdsm                     36      -       /                               /bin/bash         kvm, vdsm
kvm                      -       36      -                               -                 kvm, vdsm, libvirt
rpm                      37      37      /var/lib/rpm                    /bin/bash         rpm
ntp                      38      38      /etc/ntp                        /sbin/nologin     ntp
video                    -       39      -                               -                 setup
dip                      -       40      -                               -                 ppp
mailman                  41      41      /var/mailman                    /bin/false        mailman
gdm                      42      42      /var/gdm                        /bin/bash         gdm
xfs                      43      43      /etc/X11/fs                     /bin/false        XFree86-xfs
pppusers                 -       44      -                               -                 linuxconf
popusers                 -       45      -                               -                 linuxconf
slipusers                -       46      -                               -                 linuxconf
mailnull                 47      47      /var/spool/mqueue               /dev/null         sendmail
apache                   48      48      /var/www                        /bin/false        apache
wnn                      49      49      /home/wnn                       /bin/bash         FreeWnn
smmsp                    51      51      /var/spool/mqueue               /dev/null         sendmail
puppet                   52      52      /var/lib/puppet                 /sbin/nologin     puppet
tomcat                   53      53      /var/lib/tomcat                 /sbin/nologin     tomcat
lock                     -       54      -                               -                 lockdev
ldap                     55      55      /var/lib/ldap                   /bin/false        openldap-servers
frontpage                56      56      /var/www                        /bin/false        mod_frontpage
nut                      57      57      /var/lib/ups                    /bin/false        nut
beagleindex              58      58      /var/cache/beagle               /bin/false        beagle
tss                      59      59      -                               /sbin/nologin     trousers
piranha                  60      60      /etc/sysconfig/ha               /dev/null         piranha
prelude-manager          61      61      -                               /sbin/nologin     prelude-manager
snortd                   62      62      -                               /sbin/nologin     snortd
audio                    -       63      -                               -                 setup
condor                   64      64      /var/lib/condor                 /sbin/nologin     condord
nslcd                    65      (55)    /                               /sbin/nologin     nslcd
wine                     -       66      -                               -                 wine
pegasus                  66      65      /var/lib/Pegasus                /sbin/nologin     tog-pegasus
webalizer                67      67      /var/www/html/usage             /sbin/nologin     webalizer
haldaemon                68      68      /                               /sbin/nologin     hal
vcsa                     69      69      -                               /sbin/nologin     dev,MAKEDEV
avahi                    70      70      /var/run/avahi-daemon           /sbin/nologin     avahi
realtime                 -       71      -                               -                 -
tcpdump                  72      72      /                               /sbin/nologin     tcpdump
privoxy                  73      73      /etc/privoxy                    /bin/bash         privoxy
sshd                     74      74      /var/empty/sshd                 /sbin/nologin     openssh-server
radvd                    75      75      /                               /bin/false        radvd
cyrus                    76      (12)    /var/imap                       /bin/bash         cyrus-imapd
saslauth                 -       76      -                               -                 cyrus-imapd
arpwatch                 77      77      /var/lib/arpwatch               /sbin/nologin     arpwatch
fax                      78      78      /var/spool/fax                  /sbin/nologin     mgetty
nocpulse                 79      79      /etc/sysconfig/nocpulse         /bin/bash         nocpulse
desktop                  80      80      -                               /sbin/nologin     desktop-file-utils
dbus                     81      81      /                               /sbin/nologin     dbus
jonas                    82      82      /var/lib/jonas                  /sbin/nologin     jonas
clamav                   83      83      /tmp                            /sbin/nologin     clamav
screen                   -       84      -                               -                 screen
quaggavt                 -       85      -                               -                 quagga
sabayon                  86      86      -                               /sbin/nologin     sabayon
polkituser               87      87      /                               /sbin/nologin     PolicyKit
wbpriv                   -       88      -                               -                 samba-common
postfix                  89      89      /var/spool/postfix              /bin/true         postfix
postdrop                 -       90      -                               -                 postfix
majordomo                91      91      /usr/lib/majordomo              /bin/bash         majordomo
quagga                   92      92      /                               /sbin/nologin     quagga
exim                     93      93      /var/spool/exim                 /sbin/nologin     exim
distcache                94      94      /                               /sbin/nologin     distcache
radiusd                  95      95      /                               /bin/false        freeradius
hsqldb                   96      96      /var/lib/hsqldb                 /sbin/nologin     hsqldb
dovecot                  97      97      /usr/libexec/dovecot            /sbin/nologin     dovecot
ident                    98      98      /                               /sbin/nologin     ident
nobody                   99      99      /                               /sbin/nologin     setup
users                    -       100     -                               -                 setup
qemu                     107     107     /                               /sbin/nologin     libvirt
ovirt                    108     108     /                               /sbin/nologin     libvirt
rhevm                    109     109     /home/rhevm                     /sbin/nologin     vdsm-reg
jetty                    110     110     /usr/share/jetty                /sbin/nologin     jetty
saned                    111     111     /                               /sbin/nologin     sane-backends
vhostmd                  112     112     /usr/share/vhostmd              /sbin/nologin     vhostmd
usbmuxd                  113     113     /                               /sbin/nologin     usbmuxd
bacula                   133     133     /var/spool/bacula               /sbin/nologin     bacula
cimsrvr                  134     134     /                               /sbin/nologin     tog-pegasus-libs
mock                     -       135     /                               -                 mock
ricci                    140     140     /var/lib/ricci                  /sbin/nologin     ricci
luci                     141     141     /var/lib/luci                   /sbin/nologin     luci
activemq                 142     142     /usr/share/activemq             /sbin/nologin     activemq
stap-server              155     155     /var/lib/stap-server            /sbin/nologin     systemtap
stapusr                  -       156     /                               -                 systemtap-runtime
stapsys                  -       157     /                               -                 systemtap-runtime
stapdev                  -       158     /                               -                 systemtap-runtime
swift                    160     160     /var/lib/swift                  /sbin/nologin     openstack-swift
glance                   161     161     /var/lib/glance                 /sbin/nologin     openstack-glance
nova                     162     162     /var/lib/nova                   /sbin/nologin     openstack-nova
keystone                 163     163     /var/lib/keystone               /sbin/nologin     openstack-keystone
quantum                  164     164     /var/lib/quantum                /sbin/nologin     openstack-quantum
cinder                   165     165     /var/lib/cinder                 /sbin/nologin     openstack-cinder
ceilometer               166     166     /var/lib/ceilometer             /sbin/nologin     openstack-ceilometer
ceph                     167     167     /var/lib/ceph                   /sbin/nologin     ceph-common
avahi-autoipd            170     170     /var/lib/avahi-autoipd          /sbin/nologin     avahi
pulse                    171     171     /var/run/pulse                  /sbin/nologin     pulseaudio
rtkit                    172     172     /proc                           /sbin/nologin     rtkit
abrt                     173     173     /etc/abrt                       /sbin/nologin     abrt
retrace                  174     174     /usr/share/retrace-server       /sbin/nologin     retrace-server
ovirtagent               175     175     /                               /sbin/nologin     ovirt-guest-agent
ats                      176     176     /                               /sbin/nologin     trafficserver
dhcpd                    177     177     /                               /sbin/nologin     dhcp
myproxy                  178     178     /var/lib/myproxy                /sbin/nologin     myproxy-server
sanlock                  179     179     /var/run/sanlock                /sbin/nologin     sanlock
aeolus                   180     180     /var/aeolus                     /sbin/nologin     aeolus-configure
wallaby                  181     181     /var/lib/wallaby                /sbin/nologin     wallaby
katello                  182     182     /usr/share/katello              /sbin/nologin     katello-common
elasticsearch            183     183     /usr/share/java/elasticsearch   /sbin/nologin     elasticsearch
mongodb                  184     184     /var/lib/mongodb                /sbin/nologin     mongodb
jboss                    185     185     /var/lib/jbossas                /sbin/nologin     jbossas-core #was jboss-as and wildfly
jbosson-agent            186     -       /                               /sbin/nologin     jboss-on-agent
jbosson                  -       186     -                               -                 jboss-on-agent
heat                     187     187     /var/lib/heat                   /sbin/nologin     heat
haproxy                  188     188     /var/lib/haproxy                /sbin/nologin     haproxy
hacluster                189     -       /                               /sbin/nologin     pacemaker
haclient                 -       189     -                               -                 pacemaker
systemd-journal          -       190     -                               -                 systemd
systemd-journal-gateway  191     191     /                               /sbin/nologin     systemd #systemd-journal-gateway dynamic on new systems (may have different uid/gid)
systemd-network          192     192     /                               /sbin/nologin     systemd
systemd-resolve          193     193     /                               /sbin/nologin     systemd
gnats                    ?       ?       ?                               ?                 gnats, gnats-db
listar                   ?       ?       ?                               ?                 listar
nfsnobody                65534   65534   /var/lib/nfs                    /sbin/nologin     nfs-utils

# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)
```
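In the future the range of system-reserved UIDs may grow. The official RHEL 7 documentation already recommends 5000 as the minimum UID for newly created accounts. So how do you change the minimum starting UID and GID for new accounts, along with some other settings?
Looking at /etc/login.defs, you will find that the default options used when creating accounts are all set in this file.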
```
# Mail options
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password control policy
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

# UID range settings; here I changed the minimum to 5000, and the maximum is 60000.
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  5000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

# GID range settings; here I changed the minimum to 5000, and the maximum is 60000.
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  5000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

# User deletion option
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

# Whether to create the user's home directory
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes

# umask setting
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077

# When removing a user, also remove that user's group if it has no other members.
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
```
This configuration file is concise and self-explanatory; just change it to suit your needs. I won't explain it further.
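
An added example, not part of the original article: raising UID_MIN only changes the UIDs that useradd picks automatically from then on, and existing accounts keep their numbers. The script below reads UID_MIN and SYS_UID_MAX from a login.defs-style file and lists passwd entries that now sit between the system range and the regular-user range, so they can be reviewed. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: list accounts whose UID lies between SYS_UID_MAX and UID_MIN.
# Function names and the sample files are constructed for illustration.

# Print the value of a key from a login.defs-style file ($1=file, $2=key).
# Commented-out lines never match because their first field starts with '#'.
# Assumes each key is defined once; the first definition is used.
login_defs_get() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print "name:uid" for every passwd entry above SYS_UID_MAX but below UID_MIN
# ($1=login.defs path, $2=passwd path). Returns 2 if a range key is missing.
uid_gap_accounts() {
    _min=$(login_defs_get "$1" UID_MIN)
    _sysmax=$(login_defs_get "$1" SYS_UID_MAX)
    [ -n "$_min" ] && [ -n "$_sysmax" ] || return 2
    awk -F: -v min="$_min" -v sysmax="$_sysmax" \
        '$3 + 0 > sysmax + 0 && $3 + 0 < min + 0 { print $1 ":" $3 }' "$2"
}

# Constructed sample: ranges as set in the article, plus an account created
# before UID_MIN was raised (alice) and one created afterwards (bob).
sample=$(mktemp -d)
cat > "$sample/login.defs" <<'EOF'
#UID_MIN 1000
UID_MIN 5000
UID_MAX 60000
SYS_UID_MIN 201
SYS_UID_MAX 999
EOF
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74::/var/empty/sshd:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:5000:5000::/home/bob:/bin/bash
EOF
uid_gap_accounts "$sample/login.defs" "$sample/passwd"   # prints alice:1000
rm -rf "$sample"
```

On a real host, call `uid_gap_accounts /etc/login.defs /etc/passwd` to list the accounts created under the old minimum.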