在RHEL7或CentOS7中修改创建账号时系统默认UID、GID最小起始值及其他设置
在RHEL7或CentOS7中修改创建账号时系统默认UID、GID最小起始值及其他设置
耕耘实录
发布于 2018-12-20 12:14:38
发布于 2018-12-20 12:14:38
大家应该都知道,在Linux系统中,1000以下的UID是系统保留的UID。随意修改系统上某些帐号的 UID 很可能会导致某些程序无法进行,甚至导致系统无法顺利运行。我们可以通过/usr/share/doc/setup-2.8.71/uidgid来查看具体对应关系,当然不同的版本路径可能不一样,可以用/usr/share/doc/setup*/uidgid来通配。
NAME UID GID HOME SHELL PACKAGES
root 0 0 /root /bin/bash setup
bin 1 1 /bin /sbin/nologin setup
daemon 2 2 /sbin /sbin/nologin setup
sys - 3 - - setup
adm 3 4 /var/adm /bin/bash setup
tty - 5 - - setup
disk - 6 - - setup
lp 4 7 /var/spool/lpd /sbin/nologin setup
mem - 8 - - setup
kmem - 9 - - setup
wheel - 10 - - setup
cdrom - 11 - - setup
sync 5 (0) /sbin /bin/sync setup
shutdown 6 (0) /sbin /sbin/shutdown setup
halt 7 (0) /sbin /sbin/halt setup
mail 8 12 /var/spool/mail /sbin/nologin setup
news 9 13 /var/spool/news /sbin/nologin setup
uucp 10 14 /var/spool/uucp /sbin/nologin uucp
operator 11 (0) /root /sbin/nologin setup
games 12 (100) /usr/games /sbin/nologin setup
gopher 13 30 /var/gopher /sbin/nologin -(not created by default)
ftp 14 50 /var/ftp /sbin/nologin setup
man - 15 - - setup
oprofile 16 16 /var/lib/oprofile /sbin/nologin oprofile
pkiuser 17 17 /usr/share/pki /sbin/nologin pki-ca,rhpki-ca
dialout - 18 - - setup
floppy - 19 - - setup
games - 20 - - setup
slocate - 21 - - slocate
utmp - 22 - - initscripts,libutempter
squid 23 23 /var/spool/squid /dev/null squid
pvm 24 24 /usr/share/pvm3 /bin/bash pvm
named 25 25 /var/named /bin/false bind
postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server
mysql 27 27 /var/lib/mysql /bin/bash mysql
nscd 28 28 / /bin/false nscd
rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils
console - 31 - - dev
rpc 32 32 / /bin/false portmap
amandabackup 33 (6) /var/lib/amanda /bin/false amanda
tape - 33 - - setup
netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server
utempter - 35 - - libutempter
vdsm 36 - / /bin/bash kvm, vdsm
kvm - 36 - - kvm, vdsm, libvirt
rpm 37 37 /var/lib/rpm /bin/bash rpm
ntp 38 38 /etc/ntp /sbin/nologin ntp
video - 39 - - setup
dip - 40 - - ppp
mailman 41 41 /var/mailman /bin/false mailman
gdm 42 42 /var/gdm /bin/bash gdm
xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs
pppusers - 44 - - linuxconf
popusers - 45 - - linuxconf
slipusers - 46 - - linuxconf
mailnull 47 47 /var/spool/mqueue /dev/null sendmail
apache 48 48 /var/www /bin/false apache
wnn 49 49 /home/wnn /bin/bash FreeWnn
smmsp 51 51 /var/spool/mqueue /dev/null sendmail
puppet 52 52 /var/lib/puppet /sbin/nologin puppet
tomcat 53 53 /var/lib/tomcat /sbin/nologin tomcat
lock - 54 - - lockdev
ldap 55 55 /var/lib/ldap /bin/false openldap-servers
frontpage 56 56 /var/www /bin/false mod_frontpage
nut 57 57 /var/lib/ups /bin/false nut
beagleindex 58 58 /var/cache/beagle /bin/false beagle
tss 59 59 - /sbin/nologin trousers
piranha 60 60 /etc/sysconfig/ha /dev/null piranha
prelude-manager 61 61 - /sbin/nologin prelude-manager
snortd 62 62 - /sbin/nologin snortd
audio - 63 - - setup
condor 64 64 /var/lib/condor /sbin/nologin condord
nslcd 65 (55) / /sbin/nologin nslcd
wine - 66 - - wine
pegasus 66 65 /var/lib/Pegasus /sbin/nologin tog-pegasus
webalizer 67 67 /var/www/html/usage /sbin/nologin webalizer
haldaemon 68 68 / /sbin/nologin hal
vcsa 69 69 - /sbin/nologin dev,MAKEDEV
avahi 70 70 /var/run/avahi-daemon /sbin/nologin avahi
realtime - 71 - - -
tcpdump 72 72 / /sbin/nologin tcpdump
privoxy 73 73 /etc/privoxy /bin/bash privoxy
sshd 74 74 /var/empty/sshd /sbin/nologin openssh-server
radvd 75 75 / /bin/false radvd
cyrus 76 (12) /var/imap /bin/bash cyrus-imapd
saslauth - 76 - - cyrus-imapd
arpwatch 77 77 /var/lib/arpwatch /sbin/nologin arpwatch
fax 78 78 /var/spool/fax /sbin/nologin mgetty
nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse
desktop 80 80 - /sbin/nologin desktop-file-utils
dbus 81 81 / /sbin/nologin dbus
jonas 82 82 /var/lib/jonas /sbin/nologin jonas
clamav 83 83 /tmp /sbin/nologin clamav
screen - 84 - - screen
quaggavt - 85 - - quagga
sabayon 86 86 - /sbin/nologin sabayon
polkituser 87 87 / /sbin/nologin PolicyKit
wbpriv - 88 - - samba-common
postfix 89 89 /var/spool/postfix /bin/true postfix
postdrop - 90 - - postfix
majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo
quagga 92 92 / /sbin/nologin quagga
exim 93 93 /var/spool/exim /sbin/nologin exim
distcache 94 94 / /sbin/nologin distcache
radiusd 95 95 / /bin/false freeradius
hsqldb 96 96 /var/lib/hsqldb /sbin/nologin hsqldb
dovecot 97 97 /usr/libexec/dovecot /sbin/nologin dovecot
ident 98 98 / /sbin/nologin ident
nobody 99 99 / /sbin/nologin setup
users - 100 - - setup
qemu 107 107 / /sbin/nologin libvirt
ovirt 108 108 / /sbin/nologin libvirt
rhevm 109 109 /home/rhevm /sbin/nologin vdsm-reg
jetty 110 110 /usr/share/jetty /sbin/nologin jetty
saned 111 111 / /sbin/nologin sane-backends
vhostmd 112 112 /usr/share/vhostmd /sbin/nologin vhostmd
usbmuxd 113 113 / /sbin/nologin usbmuxd
bacula 133 133 /var/spool/bacula /sbin/nologin bacula
cimsrvr 134 134 / /sbin/nologin tog-pegasus-libs
mock - 135 / - mock
ricci 140 140 /var/lib/ricci /sbin/nologin ricci
luci 141 141 /var/lib/luci /sbin/nologin luci
activemq 142 142 /usr/share/activemq /sbin/nologin activemq
stap-server 155 155 /var/lib/stap-server /sbin/nologin systemtap
stapusr - 156 / - systemtap-runtime
stapsys - 157 / - systemtap-runtime
stapdev - 158 / - systemtap-runtime
swift 160 160 /var/lib/swift /sbin/nologin openstack-swift
glance 161 161 /var/lib/glance /sbin/nologin openstack-glance
nova 162 162 /var/lib/nova /sbin/nologin openstack-nova
keystone 163 163 /var/lib/keystone /sbin/nologin openstack-keystone
quantum 164 164 /var/lib/quantum /sbin/nologin openstack-quantum
cinder 165 165 /var/lib/cinder /sbin/nologin openstack-cinder
ceilometer 166 166 /var/lib/ceilometer /sbin/nologin openstack-ceilometer
ceph 167 167 /var/lib/ceph /sbin/nologin ceph-common
avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi
pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio
rtkit 172 172 /proc /sbin/nologin rtkit
abrt 173 173 /etc/abrt /sbin/nologin abrt
retrace 174 174 /usr/share/retrace-server /sbin/nologin retrace-server
ovirtagent 175 175 / /sbin/nologin ovirt-guest-agent
ats 176 176 / /sbin/nologin trafficserver
dhcpd 177 177 / /sbin/nologin dhcp
myproxy 178 178 /var/lib/myproxy /sbin/nologin myproxy-server
sanlock 179 179 /var/run/sanlock /sbin/nologin sanlock
aeolus 180 180 /var/aeolus /sbin/nologin aeolus-configure
wallaby 181 181 /var/lib/wallaby /sbin/nologin wallaby
katello 182 182 /usr/share/katello /sbin/nologin katello-common
elasticsearch 183 183 /usr/share/java/elasticsearch /sbin/nologin elasticsearch
mongodb 184 184 /var/lib/mongodb /sbin/nologin mongodb
jboss 185 185 /var/lib/jbossas /sbin/nologin jbossas-core #was jboss-as and wildfly
jbosson-agent 186 - / /sbin/nologin jboss-on-agent
jbosson - 186 - - jboss-on-agent
heat 187 187 /var/lib/heat /sbin/nologin heat
haproxy 188 188 /var/lib/haproxy /sbin/nologin haproxy
hacluster 189 - / /sbin/nologin pacemaker
haclient - 189 - - pacemaker
systemd-journal - 190 - - systemd
systemd-journal-gateway 191 191 / /sbin/nologin systemd
#systemd-journal-gateway dynamic on new systems (may have different uid/gid)
systemd-network 192 192 / /sbin/nologin systemd
systemd-resolve 193 193 / /sbin/nologin systemd
gnats ? ? ? ? gnats, gnats-db
listar ? ? ? ? listar
nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils
# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)在未来,系统保留UID值范围可能会扩大。现在在RHEL7官方文档中,已经推荐使用5000作为新建账户的最小UID值,怎么样来修改创建账号是最小UID,GID起始值及一些其他设置呢? 通过查看/etc/login.defs文件我们会发现,关于创建账号时的一些默认选项都会在这个文件内有设置。
#邮件选项
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
#密码控制策略
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#UID起止范围设置,此处最小值被我修改为5000,最大值为60000.
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 5000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
#GID起止范围设置,此处最小值被我修改为5000,最大值为60000.
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 5000
GID_MAX 60000
# System accounts
SYS_GID_MIN 201
SYS_GID_MAX 999
#删除用户选项
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#是否创建用户目录
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
#umask设置
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
#移除用户同时移除该用户原来所在除了原用户之外没有其他没有成员的组。
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.这个配置文件简洁直观,只需要按照自己的需要修改即可。不作过多解释。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2017年12月20日,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
相关产品与服务
Elasticsearch Service
腾讯云 Elasticsearch Service(ES)是云端全托管海量数据检索分析服务,拥有高性能自研内核,集成X-Pack。ES 支持通过自治索引、存算分离、集群巡检等特性轻松管理集群,也支持免运维、自动弹性、按需使用的 Serverless 模式。使用 ES 您可以高效构建信息检索、日志分析、运维监控等服务,它独特的向量检索还可助您构建基于语义、图像的AI深度应用。