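As most people know, UIDs below 1000 are reserved for the system on Linux. Arbitrarily changing the UID of certain accounts can easily stop some programs from working, or even keep the system from running properly. The specific assignments can be viewed in /usr/share/doc/setup-2.8.71/uidgid. The path may differ between versions, so the glob /usr/share/doc/setup*/uidgid can be used to match it.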
```
NAME                    UID   GID   HOME                          SHELL           PACKAGES
root                    0     0     /root                         /bin/bash       setup
bin                     1     1     /bin                          /sbin/nologin   setup
daemon                  2     2     /sbin                         /sbin/nologin   setup
sys                     -     3     -                             -               setup
adm                     3     4     /var/adm                      /bin/bash       setup
tty                     -     5     -                             -               setup
disk                    -     6     -                             -               setup
lp                      4     7     /var/spool/lpd                /sbin/nologin   setup
mem                     -     8     -                             -               setup
kmem                    -     9     -                             -               setup
wheel                   -     10    -                             -               setup
cdrom                   -     11    -                             -               setup
sync                    5     (0)   /sbin                         /bin/sync       setup
shutdown                6     (0)   /sbin                         /sbin/shutdown  setup
halt                    7     (0)   /sbin                         /sbin/halt      setup
mail                    8     12    /var/spool/mail               /sbin/nologin   setup
news                    9     13    /var/spool/news               /sbin/nologin   setup
uucp                    10    14    /var/spool/uucp               /sbin/nologin   uucp
operator                11    (0)   /root                         /sbin/nologin   setup
games                   12    (100) /usr/games                    /sbin/nologin   setup
gopher                  13    30    /var/gopher                   /sbin/nologin   -(not created by default)
ftp                     14    50    /var/ftp                      /sbin/nologin   setup
man                     -     15    -                             -               setup
oprofile                16    16    /var/lib/oprofile             /sbin/nologin   oprofile
pkiuser                 17    17    /usr/share/pki                /sbin/nologin   pki-ca,rhpki-ca
dialout                 -     18    -                             -               setup
floppy                  -     19    -                             -               setup
games                   -     20    -                             -               setup
slocate                 -     21    -                             -               slocate
utmp                    -     22    -                             -               initscripts,libutempter
squid                   23    23    /var/spool/squid              /dev/null       squid
pvm                     24    24    /usr/share/pvm3               /bin/bash       pvm
named                   25    25    /var/named                    /bin/false      bind
postgres                26    26    /var/lib/pgsql                /bin/bash       postgresql-server
mysql                   27    27    /var/lib/mysql                /bin/bash       mysql
nscd                    28    28    /                             /bin/false      nscd
rpcuser                 29    29    /var/lib/nfs                  /bin/false      nfs-utils
console                 -     31    -                             -               dev
rpc                     32    32    /                             /bin/false      portmap
amandabackup            33    (6)   /var/lib/amanda               /bin/false      amanda
tape                    -     33    -                             -               setup
netdump                 34    34    /var/crash                    /bin/bash       netdump-client, netdump-server
utempter                -     35    -                             -               libutempter
vdsm                    36    -     /                             /bin/bash       kvm, vdsm
kvm                     -     36    -                             -               kvm, vdsm, libvirt
rpm                     37    37    /var/lib/rpm                  /bin/bash       rpm
ntp                     38    38    /etc/ntp                      /sbin/nologin   ntp
video                   -     39    -                             -               setup
dip                     -     40    -                             -               ppp
mailman                 41    41    /var/mailman                  /bin/false      mailman
gdm                     42    42    /var/gdm                      /bin/bash       gdm
xfs                     43    43    /etc/X11/fs                   /bin/false      XFree86-xfs
pppusers                -     44    -                             -               linuxconf
popusers                -     45    -                             -               linuxconf
slipusers               -     46    -                             -               linuxconf
mailnull                47    47    /var/spool/mqueue             /dev/null       sendmail
apache                  48    48    /var/www                      /bin/false      apache
wnn                     49    49    /home/wnn                     /bin/bash       FreeWnn
smmsp                   51    51    /var/spool/mqueue             /dev/null       sendmail
puppet                  52    52    /var/lib/puppet               /sbin/nologin   puppet
tomcat                  53    53    /var/lib/tomcat               /sbin/nologin   tomcat
lock                    -     54    -                             -               lockdev
ldap                    55    55    /var/lib/ldap                 /bin/false      openldap-servers
frontpage               56    56    /var/www                      /bin/false      mod_frontpage
nut                     57    57    /var/lib/ups                  /bin/false      nut
beagleindex             58    58    /var/cache/beagle             /bin/false      beagle
tss                     59    59    -                             /sbin/nologin   trousers
piranha                 60    60    /etc/sysconfig/ha             /dev/null       piranha
prelude-manager         61    61    -                             /sbin/nologin   prelude-manager
snortd                  62    62    -                             /sbin/nologin   snortd
audio                   -     63    -                             -               setup
condor                  64    64    /var/lib/condor               /sbin/nologin   condord
nslcd                   65    (55)  /                             /sbin/nologin   nslcd
wine                    -     66    -                             -               wine
pegasus                 66    65    /var/lib/Pegasus              /sbin/nologin   tog-pegasus
webalizer               67    67    /var/www/html/usage           /sbin/nologin   webalizer
haldaemon               68    68    /                             /sbin/nologin   hal
vcsa                    69    69    -                             /sbin/nologin   dev,MAKEDEV
avahi                   70    70    /var/run/avahi-daemon         /sbin/nologin   avahi
realtime                -     71    -                             -               -
tcpdump                 72    72    /                             /sbin/nologin   tcpdump
privoxy                 73    73    /etc/privoxy                  /bin/bash       privoxy
sshd                    74    74    /var/empty/sshd               /sbin/nologin   openssh-server
radvd                   75    75    /                             /bin/false      radvd
cyrus                   76    (12)  /var/imap                     /bin/bash       cyrus-imapd
saslauth                -     76    -                             -               cyrus-imapd
arpwatch                77    77    /var/lib/arpwatch             /sbin/nologin   arpwatch
fax                     78    78    /var/spool/fax                /sbin/nologin   mgetty
nocpulse                79    79    /etc/sysconfig/nocpulse       /bin/bash       nocpulse
desktop                 80    80    -                             /sbin/nologin   desktop-file-utils
dbus                    81    81    /                             /sbin/nologin   dbus
jonas                   82    82    /var/lib/jonas                /sbin/nologin   jonas
clamav                  83    83    /tmp                          /sbin/nologin   clamav
screen                  -     84    -                             -               screen
quaggavt                -     85    -                             -               quagga
sabayon                 86    86    -                             /sbin/nologin   sabayon
polkituser              87    87    /                             /sbin/nologin   PolicyKit
wbpriv                  -     88    -                             -               samba-common
postfix                 89    89    /var/spool/postfix            /bin/true       postfix
postdrop                -     90    -                             -               postfix
majordomo               91    91    /usr/lib/majordomo            /bin/bash       majordomo
quagga                  92    92    /                             /sbin/nologin   quagga
exim                    93    93    /var/spool/exim               /sbin/nologin   exim
distcache               94    94    /                             /sbin/nologin   distcache
radiusd                 95    95    /                             /bin/false      freeradius
hsqldb                  96    96    /var/lib/hsqldb               /sbin/nologin   hsqldb
dovecot                 97    97    /usr/libexec/dovecot          /sbin/nologin   dovecot
ident                   98    98    /                             /sbin/nologin   ident
nobody                  99    99    /                             /sbin/nologin   setup
users                   -     100   -                             -               setup
qemu                    107   107   /                             /sbin/nologin   libvirt
ovirt                   108   108   /                             /sbin/nologin   libvirt
rhevm                   109   109   /home/rhevm                   /sbin/nologin   vdsm-reg
jetty                   110   110   /usr/share/jetty              /sbin/nologin   jetty
saned                   111   111   /                             /sbin/nologin   sane-backends
vhostmd                 112   112   /usr/share/vhostmd            /sbin/nologin   vhostmd
usbmuxd                 113   113   /                             /sbin/nologin   usbmuxd
bacula                  133   133   /var/spool/bacula             /sbin/nologin   bacula
cimsrvr                 134   134   /                             /sbin/nologin   tog-pegasus-libs
mock                    -     135   /                             -               mock
ricci                   140   140   /var/lib/ricci                /sbin/nologin   ricci
luci                    141   141   /var/lib/luci                 /sbin/nologin   luci
activemq                142   142   /usr/share/activemq           /sbin/nologin   activemq
stap-server             155   155   /var/lib/stap-server          /sbin/nologin   systemtap
stapusr                 -     156   /                             -               systemtap-runtime
stapsys                 -     157   /                             -               systemtap-runtime
stapdev                 -     158   /                             -               systemtap-runtime
swift                   160   160   /var/lib/swift                /sbin/nologin   openstack-swift
glance                  161   161   /var/lib/glance               /sbin/nologin   openstack-glance
nova                    162   162   /var/lib/nova                 /sbin/nologin   openstack-nova
keystone                163   163   /var/lib/keystone             /sbin/nologin   openstack-keystone
quantum                 164   164   /var/lib/quantum              /sbin/nologin   openstack-quantum
cinder                  165   165   /var/lib/cinder               /sbin/nologin   openstack-cinder
ceilometer              166   166   /var/lib/ceilometer           /sbin/nologin   openstack-ceilometer
ceph                    167   167   /var/lib/ceph                 /sbin/nologin   ceph-common
avahi-autoipd           170   170   /var/lib/avahi-autoipd        /sbin/nologin   avahi
pulse                   171   171   /var/run/pulse                /sbin/nologin   pulseaudio
rtkit                   172   172   /proc                         /sbin/nologin   rtkit
abrt                    173   173   /etc/abrt                     /sbin/nologin   abrt
retrace                 174   174   /usr/share/retrace-server     /sbin/nologin   retrace-server
ovirtagent              175   175   /                             /sbin/nologin   ovirt-guest-agent
ats                     176   176   /                             /sbin/nologin   trafficserver
dhcpd                   177   177   /                             /sbin/nologin   dhcp
myproxy                 178   178   /var/lib/myproxy              /sbin/nologin   myproxy-server
sanlock                 179   179   /var/run/sanlock              /sbin/nologin   sanlock
aeolus                  180   180   /var/aeolus                   /sbin/nologin   aeolus-configure
wallaby                 181   181   /var/lib/wallaby              /sbin/nologin   wallaby
katello                 182   182   /usr/share/katello            /sbin/nologin   katello-common
elasticsearch           183   183   /usr/share/java/elasticsearch /sbin/nologin   elasticsearch
mongodb                 184   184   /var/lib/mongodb              /sbin/nologin   mongodb
jboss                   185   185   /var/lib/jbossas              /sbin/nologin   jbossas-core #was jboss-as and wildfly
jbosson-agent           186   -     /                             /sbin/nologin   jboss-on-agent
jbosson                 -     186   -                             -               jboss-on-agent
heat                    187   187   /var/lib/heat                 /sbin/nologin   heat
haproxy                 188   188   /var/lib/haproxy              /sbin/nologin   haproxy
hacluster               189   -     /                             /sbin/nologin   pacemaker
haclient                -     189   -                             -               pacemaker
systemd-journal         -     190   -                             -               systemd
systemd-journal-gateway 191   191   /                             /sbin/nologin   systemd
#systemd-journal-gateway dynamic on new systems (may have different uid/gid)
systemd-network         192   192   /                             /sbin/nologin   systemd
systemd-resolve         193   193   /                             /sbin/nologin   systemd
gnats                   ?     ?     ?                             ?               gnats, gnats-db
listar                  ?     ?     ?                             ?               listar
nfsnobody               65534 65534 /var/lib/nfs                  /sbin/nologin   nfs-utils
# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)
```
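In the future, the range of system-reserved UIDs may be expanded. The official RHEL 7 documentation already recommends 5000 as the minimum UID for newly created accounts. So how do you change the minimum starting UID and GID used when creating accounts, along with some other settings?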
Looking at /etc/login.defs, you will find that the default options used when creating accounts are all set in this file.

```
# Mail options
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR      Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password policy
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

# UID range: here I changed the minimum to 5000; the maximum is 60000.
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  5000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

# GID range: here I changed the minimum to 5000; the maximum is 60000.
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  5000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

# User deletion option
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

# Whether to create the user's home directory
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes

# umask setting
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK           077

# When a user is removed, also remove that user's group if it has no other members.
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
```
This configuration file is concise and self-explanatory; just edit it to suit your needs. No further explanation is given here.
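The ranges in login.defs apply only when useradd picks a UID automatically, so accounts that existed before UID_MIN was raised keep their old UIDs. The sketch below is an added example, not part of the original article: it reads the ranges from login.defs text and flags passwd entries that fall outside them. The sample file contents, account names and function names are constructed for illustration.

```python
# Added example; both samples are constructed, the range values are the ones shown on this page.
LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN                  5000
UID_MAX                 60000
SYS_UID_MAX               999
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74::/var/empty/sshd:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:5000:5000::/home/bob:/bin/bash
carol:x:5000:5001::/home/carol:/bin/bash
toor:x:0:0::/root:/bin/bash
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin
"""

def parse_login_defs(text):
    """Return {KEY: value} for the active (uncommented) lines of login.defs."""
    defs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            defs[fields[0]] = fields[1]
    return defs

def audit_passwd(passwd_text, defs):
    """Return sorted (account, finding) pairs for UIDs that break the configured ranges."""
    uid_min, uid_max, sys_max = (int(defs[k]) for k in ("UID_MIN", "UID_MAX", "SYS_UID_MAX"))
    findings, owner = [], {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed lines
        name, uid = fields[0], int(fields[2])
        if uid in owner:
            findings.append((name, f"shares UID {uid} with {owner[uid]}"))
        owner.setdefault(uid, name)  # remember the first account seen with this UID
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 on a non-root account"))
        elif sys_max < uid < uid_min:
            findings.append((name, f"UID {uid} lies between SYS_UID_MAX and UID_MIN"))
        elif uid > uid_max:
            findings.append((name, f"UID {uid} is above UID_MAX"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_passwd(PASSWD, parse_login_defs(LOGIN_DEFS)):
        print(f"{name}: {finding}")
```

On a real host, pass the contents of /etc/login.defs and /etc/passwd to the two functions instead of the embedded samples.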
Reposted from: http://xbtka.baihongyu.com/