Changing the default minimum UID and GID used at account creation, and other settings, in RHEL 7 or CentOS 7

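As most of you probably know, on Linux, UIDs below 1000 are reserved by the system. Arbitrarily changing the UID of certain system accounts can stop some programs from working and can even prevent the system from running properly. The specific assignments are listed in /usr/share/doc/setup-2.8.71/uidgid. The path may differ between versions, so you can use the glob /usr/share/doc/setup*/uidgid instead.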

NAME    UID GID HOME        SHELL   PACKAGES
root    0   0   /root       /bin/bash   setup
bin 1   1   /bin        /sbin/nologin   setup
daemon  2   2   /sbin       /sbin/nologin   setup
sys -   3   -       -   setup
adm 3   4   /var/adm        /bin/bash   setup
tty -   5   -       -   setup
disk    -   6   -       -   setup
lp  4   7   /var/spool/lpd      /sbin/nologin   setup
mem -   8   -       -   setup
kmem    -   9   -       -   setup
wheel   -   10  -       -   setup
cdrom   -   11  -       -   setup
sync    5   (0) /sbin       /bin/sync   setup
shutdown    6   (0) /sbin       /sbin/shutdown  setup
halt    7   (0) /sbin       /sbin/halt  setup
mail    8   12  /var/spool/mail     /sbin/nologin   setup
news    9   13  /var/spool/news     /sbin/nologin   setup
uucp    10  14  /var/spool/uucp     /sbin/nologin   uucp
operator    11  (0) /root       /sbin/nologin   setup
games   12  (100)   /usr/games      /sbin/nologin   setup
gopher  13  30  /var/gopher     /sbin/nologin   -(not created by default)
ftp 14  50  /var/ftp        /sbin/nologin   setup
man -   15  -       -   setup
oprofile    16  16  /var/lib/oprofile       /sbin/nologin   oprofile
pkiuser 17  17  /usr/share/pki      /sbin/nologin   pki-ca,rhpki-ca
dialout -   18  -       -   setup
floppy  -   19  -       -   setup
games   -   20  -       -   setup
slocate -   21  -       -   slocate
utmp    -   22  -       -   initscripts,libutempter
squid   23  23  /var/spool/squid        /dev/null   squid
pvm 24  24  /usr/share/pvm3     /bin/bash   pvm
named   25  25  /var/named      /bin/false  bind
postgres    26  26  /var/lib/pgsql      /bin/bash   postgresql-server
mysql   27  27  /var/lib/mysql      /bin/bash   mysql
nscd    28  28  /       /bin/false  nscd
rpcuser 29  29  /var/lib/nfs        /bin/false  nfs-utils
console -   31  -       -   dev
rpc 32  32  /       /bin/false  portmap
amandabackup    33  (6) /var/lib/amanda     /bin/false  amanda
tape    -   33  -       -   setup
netdump 34  34  /var/crash      /bin/bash   netdump-client, netdump-server
utempter    -   35  -       -   libutempter
vdsm    36  -   /       /bin/bash   kvm, vdsm
kvm -   36  -       -   kvm, vdsm, libvirt
rpm 37  37  /var/lib/rpm        /bin/bash   rpm
ntp 38  38  /etc/ntp        /sbin/nologin   ntp
video   -   39  -       -   setup
dip -   40  -       -   ppp
mailman 41  41  /var/mailman        /bin/false  mailman
gdm 42  42  /var/gdm        /bin/bash   gdm
xfs 43  43  /etc/X11/fs     /bin/false  XFree86-xfs
pppusers    -   44  -       -   linuxconf
popusers    -   45  -       -   linuxconf
slipusers   -   46  -       -   linuxconf
mailnull    47  47  /var/spool/mqueue       /dev/null   sendmail
apache  48  48  /var/www        /bin/false  apache
wnn 49  49  /home/wnn       /bin/bash   FreeWnn
smmsp   51  51  /var/spool/mqueue       /dev/null   sendmail
puppet  52  52  /var/lib/puppet     /sbin/nologin   puppet
tomcat  53  53  /var/lib/tomcat     /sbin/nologin   tomcat
lock    -   54  -       -   lockdev
ldap    55  55  /var/lib/ldap       /bin/false  openldap-servers
frontpage   56  56  /var/www        /bin/false  mod_frontpage
nut 57  57  /var/lib/ups        /bin/false  nut
beagleindex 58  58  /var/cache/beagle       /bin/false  beagle
tss 59  59  -       /sbin/nologin   trousers
piranha 60  60  /etc/sysconfig/ha       /dev/null   piranha
prelude-manager 61  61  -       /sbin/nologin   prelude-manager
snortd  62  62  -       /sbin/nologin   snortd
audio   -   63  -       -   setup
condor  64  64  /var/lib/condor     /sbin/nologin   condord
nslcd   65  (55)    /       /sbin/nologin   nslcd
wine    -   66  -       -   wine
pegasus 66  65  /var/lib/Pegasus        /sbin/nologin   tog-pegasus
webalizer   67  67  /var/www/html/usage     /sbin/nologin   webalizer
haldaemon   68  68  /       /sbin/nologin   hal
vcsa    69  69  -       /sbin/nologin   dev,MAKEDEV
avahi   70  70  /var/run/avahi-daemon       /sbin/nologin   avahi
realtime    -   71  -       -   -
tcpdump 72  72  /       /sbin/nologin   tcpdump
privoxy 73  73  /etc/privoxy        /bin/bash   privoxy
sshd    74  74  /var/empty/sshd     /sbin/nologin   openssh-server
radvd   75  75  /       /bin/false  radvd
cyrus   76  (12)    /var/imap       /bin/bash   cyrus-imapd
saslauth    -   76  -       -   cyrus-imapd
arpwatch    77  77  /var/lib/arpwatch       /sbin/nologin   arpwatch
fax 78  78  /var/spool/fax      /sbin/nologin   mgetty
nocpulse    79  79  /etc/sysconfig/nocpulse     /bin/bash   nocpulse
desktop 80  80  -       /sbin/nologin   desktop-file-utils
dbus    81  81  /       /sbin/nologin   dbus
jonas   82  82  /var/lib/jonas      /sbin/nologin   jonas
clamav  83  83  /tmp        /sbin/nologin   clamav
screen  -   84  -       -   screen
quaggavt    -   85  -       -   quagga
sabayon 86  86  -       /sbin/nologin   sabayon
polkituser  87  87  /       /sbin/nologin   PolicyKit
wbpriv  -   88  -       -   samba-common
postfix 89  89  /var/spool/postfix      /bin/true   postfix
postdrop    -   90  -       -   postfix
majordomo   91  91  /usr/lib/majordomo      /bin/bash   majordomo
quagga  92  92  /       /sbin/nologin   quagga
exim    93  93  /var/spool/exim     /sbin/nologin   exim
distcache   94  94  /       /sbin/nologin   distcache
radiusd 95  95  /       /bin/false  freeradius
hsqldb  96  96  /var/lib/hsqldb     /sbin/nologin   hsqldb
dovecot 97  97  /usr/libexec/dovecot        /sbin/nologin   dovecot
ident   98  98  /       /sbin/nologin   ident
nobody  99  99  /       /sbin/nologin   setup
users   -   100 -       -   setup
qemu    107 107 /       /sbin/nologin   libvirt
ovirt   108 108 /       /sbin/nologin   libvirt
rhevm   109 109 /home/rhevm     /sbin/nologin   vdsm-reg
jetty   110 110 /usr/share/jetty        /sbin/nologin   jetty
saned   111 111 /       /sbin/nologin   sane-backends
vhostmd 112 112 /usr/share/vhostmd      /sbin/nologin   vhostmd
usbmuxd 113 113 /       /sbin/nologin   usbmuxd
bacula  133 133 /var/spool/bacula       /sbin/nologin   bacula
cimsrvr 134 134 /       /sbin/nologin   tog-pegasus-libs
mock    -   135 /       -   mock
ricci   140 140 /var/lib/ricci      /sbin/nologin   ricci
luci    141 141 /var/lib/luci       /sbin/nologin   luci
activemq    142 142 /usr/share/activemq     /sbin/nologin   activemq
stap-server 155 155 /var/lib/stap-server        /sbin/nologin   systemtap
stapusr -   156 /       -   systemtap-runtime
stapsys -   157 /       -   systemtap-runtime
stapdev -   158 /       -   systemtap-runtime
swift   160 160 /var/lib/swift      /sbin/nologin   openstack-swift
glance  161 161 /var/lib/glance     /sbin/nologin   openstack-glance
nova    162 162 /var/lib/nova       /sbin/nologin   openstack-nova
keystone    163 163 /var/lib/keystone       /sbin/nologin   openstack-keystone
quantum 164 164 /var/lib/quantum        /sbin/nologin   openstack-quantum
cinder  165 165 /var/lib/cinder     /sbin/nologin   openstack-cinder
ceilometer  166 166 /var/lib/ceilometer     /sbin/nologin   openstack-ceilometer
ceph    167 167 /var/lib/ceph       /sbin/nologin   ceph-common
avahi-autoipd   170 170 /var/lib/avahi-autoipd      /sbin/nologin   avahi
pulse   171 171 /var/run/pulse      /sbin/nologin   pulseaudio
rtkit   172 172 /proc       /sbin/nologin   rtkit
abrt    173 173 /etc/abrt       /sbin/nologin   abrt
retrace 174 174 /usr/share/retrace-server       /sbin/nologin   retrace-server
ovirtagent  175 175 /       /sbin/nologin   ovirt-guest-agent
ats 176 176 /       /sbin/nologin   trafficserver
dhcpd   177 177 /       /sbin/nologin   dhcp
myproxy 178 178 /var/lib/myproxy        /sbin/nologin   myproxy-server
sanlock 179 179 /var/run/sanlock        /sbin/nologin   sanlock
aeolus  180 180 /var/aeolus     /sbin/nologin   aeolus-configure
wallaby 181 181 /var/lib/wallaby        /sbin/nologin   wallaby
katello 182 182 /usr/share/katello      /sbin/nologin   katello-common
elasticsearch   183 183 /usr/share/java/elasticsearch       /sbin/nologin   elasticsearch
mongodb 184 184 /var/lib/mongodb        /sbin/nologin   mongodb
jboss   185 185 /var/lib/jbossas        /sbin/nologin   jbossas-core    #was jboss-as and wildfly
jbosson-agent   186 -   /       /sbin/nologin   jboss-on-agent
jbosson -   186 -       -   jboss-on-agent
heat    187 187 /var/lib/heat       /sbin/nologin   heat
haproxy 188 188 /var/lib/haproxy        /sbin/nologin   haproxy
hacluster   189 -   /       /sbin/nologin   pacemaker
haclient    -   189 -       -   pacemaker
systemd-journal -   190 -       -   systemd
systemd-journal-gateway 191 191 /       /sbin/nologin   systemd
#systemd-journal-gateway dynamic on new systems (may have different uid/gid)
systemd-network 192 192 /       /sbin/nologin   systemd
systemd-resolve 193 193 /       /sbin/nologin   systemd
gnats   ?   ?   ?       ?   gnats, gnats-db
listar  ?   ?   ?       ?   listar
nfsnobody   65534   65534   /var/lib/nfs        /sbin/nologin   nfs-utils
# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)

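The range of UIDs reserved by the system may grow in the future. The official RHEL 7 documentation already recommends using 5000 as the minimum UID for newly created accounts. So how do we change the minimum starting UID and GID used at account creation, along with some other settings? Looking at /etc/login.defs, we find that the default options applied when an account is created are all set in this file.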

# Mail options
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR  Maildir
MAIL_DIR    /var/spool/mail
#MAIL_FILE  .mail

# Password aging policy
# Password aging controls:
#
#   PASS_MAX_DAYS   Maximum number of days a password may be used.
#   PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#   PASS_MIN_LEN    Minimum acceptable password length.
#   PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

# UID range. Here I changed the minimum to 5000; the maximum is 60000.
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  5000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

# GID range. Here I changed the minimum to 5000; the maximum is 60000.
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  5000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

# User deletion option
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

# Whether to create the user's home directory
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes

# umask setting
# The permission mask is initialized to this value. If not specified, 
# the permission mask will be initialized to 022.
UMASK           077

# When a user is removed, also remove that user's own group if it has no other members.
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.

This configuration file is concise and easy to read. Just change it to suit your needs; I won't explain it further.
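
An added example, not part of the original article: a POSIX shell script that reads the four UID range keys from a login.defs-style file and lists accounts that have a login shell but whose UID falls outside UID_MIN..UID_MAX, which is where accounts created before UID_MIN was raised to 5000 end up. The function names, the temporary files and the sample passwd entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). All sample data is constructed.

# get_def KEY FILE: print KEY's value from a login.defs-style file; fail if absent.
get_def() {
    awk -v k="$1" '$1 == k { print $2; ok = 1; exit } END { exit !ok }' "$2"
}

# classify_uid UID DEFS: name the login.defs band that UID falls into.
classify_uid() {
    sys_min=$(get_def SYS_UID_MIN "$2") && sys_max=$(get_def SYS_UID_MAX "$2") &&
        uid_min=$(get_def UID_MIN "$2") && uid_max=$(get_def UID_MAX "$2") || return 2
    if   [ "$1" -lt "$sys_min" ]; then echo static-system
    elif [ "$1" -le "$sys_max" ]; then echo dynamic-system
    elif [ "$1" -lt "$uid_min" ]; then echo below-uid-min
    elif [ "$1" -le "$uid_max" ]; then echo regular
    else echo above-uid-max
    fi
}

# audit_passwd PASSWD DEFS: print name:uid:band for every non-root account
# that has a usable login shell but a UID outside the regular band.
audit_passwd() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ -n "$name" ] || continue
        case $shell in
            */nologin|*/false|*/true|/dev/null|*/sync|*/shutdown|*/halt) continue ;;
        esac
        [ "$uid" -ne 0 ] || continue
        band=$(classify_uid "$uid" "$2") || return 2
        [ "$band" = regular ] || echo "$name:$uid:$band"
    done < "$1"
}

# write_samples DIR: constructed login.defs (range values from the article) and passwd.
write_samples() {
    printf '%s\n' '# Min/max values' 'UID_MIN 5000' 'UID_MAX 60000' \
        'SYS_UID_MIN 201' 'SYS_UID_MAX 999' > "$1/login.defs"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'adm:x:3:4:adm:/var/adm:/bin/bash' \
        'sshd:x:74:74::/var/empty/sshd:/sbin/nologin' \
        'chrony:x:998:996::/var/lib/chrony:/sbin/nologin' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:5000:5000::/home/bob:/bin/bash' > "$1/passwd"
}

# Demo on the constructed files; on a real host pass /etc/passwd and /etc/login.defs.
tmp=$(mktemp -d) && write_samples "$tmp" && audit_passwd "$tmp/passwd" "$tmp/login.defs"
rm -rf "$tmp"
```

Changing UID_MIN only affects UIDs that useradd picks automatically from then on; existing accounts keep their old UIDs, so the "below-uid-min" entries are the ones to review after the change.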
