Merge "Lower UID/GID range max to make way for containers"
commit
1129e6855a
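--- a/playbooks/roles/base/users/files/Debian/adduser.conf
+++ b/playbooks/roles/base/users/files/Debian/adduser.conf
@@ -0,0 +1,88 @@
+# /etc/adduser.conf: `adduser' configuration.
+# See adduser(8) and adduser.conf(5) for full documentation.
+
+# The DSHELL variable specifies the default login shell on your
+# system.
+DSHELL=/bin/bash
+
+# The DHOME variable specifies the directory containing users' home
+# directories.
+DHOME=/home
+
+# If GROUPHOMES is "yes", then the home directories will be created as
+# /home/groupname/user.
+GROUPHOMES=no
+
+# If LETTERHOMES is "yes", then the created home directories will have
+# an extra directory - the first letter of the user name. For example:
+# /home/u/user.
+LETTERHOMES=no
+
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+
+# FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
+# for dynamically allocated administrative and system accounts/groups.
+# Please note that system software, such as the users allocated by the base-passwd
+# package, may assume that UIDs less than 100 are unallocated.
+FIRST_SYSTEM_UID=100
+LAST_SYSTEM_UID=999
+
+FIRST_SYSTEM_GID=100
+LAST_SYSTEM_GID=999
+
+# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
+# allocated user accounts/groups.
+FIRST_UID=3000
+LAST_UID=9999
+
+FIRST_GID=3000
+LAST_GID=9999
+
+# The USERGROUPS variable can be either "yes" or "no". If "yes" each
+# created user will be given their own group to use as a default. If
+# "no", each created user will be placed in the group whose gid is
+# USERS_GID (see below).
+USERGROUPS=yes
+
+# If USERGROUPS is "no", then USERS_GID should be the GID of the group
+# `users' (or the equivalent group) on your system.
+USERS_GID=100
+
+# If DIR_MODE is set, directories will be created with the specified
+# mode. Otherwise the default mode 0755 will be used.
+DIR_MODE=0755
+
+# If SETGID_HOME is "yes" home directories for users with their own
+# group the setgid bit will be set. This was the default for
+# versions << 3.13 of adduser. Because it has some bad side effects we
+# no longer do this per default. If you want it nevertheless you can
+# still set it here.
+SETGID_HOME=no
+
+# If QUOTAUSER is set, a default quota will be set from that user with
+# `edquota -p QUOTAUSER newuser'
+QUOTAUSER=""
+
+# If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this
+# regular expression when creating a new home directory
+SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
+
+# Set this if you want the --add_extra_groups option to adduser to add
+# new users to other groups.
+# This is the list of groups that new non-system users will be added to
+# Default:
+#EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"
+
+# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
+# option above will be default behavior for adding new, non-system users
+#ADD_EXTRA_GROUPS=1
+
+
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
+
+# use extrausers by default
+#USE_EXTRAUSERS=1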
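Review bot: `DIR_MODE=0755` makes every home directory that adduser creates readable and traversable by all local accounts, which is a weak default on hosts that will also run container workloads. Unless something on these hosts depends on world-readable homes, `DIR_MODE=0750` (or `0700`) is the tighter setting. It applies only at creation time, so existing homes would need a separate task. The file also never says why the user range stops at 9999. A comment above `LAST_UID=9999` such as `# IDs above 9999 are left free for container UID/GID ranges; keep in sync with UID_MAX/GID_MAX in /etc/login.defs.` would record the intent that, judging by the commit title, is behind the new limits.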
|
@ -166,7 +166,7 @@ PASS_WARN_AGE 7
|
||||
#
|
||||
SYS_UID_MAX 999
|
||||
UID_MIN 3000
|
||||
UID_MAX 60000
|
||||
UID_MAX 9999
|
||||
# System accounts
|
||||
#SYS_UID_MIN 100
|
||||
#SYS_UID_MAX 999
|
||||
@ -176,7 +176,7 @@ UID_MAX 60000
|
||||
#
|
||||
SYS_GID_MAX 999
|
||||
GID_MIN 3000
|
||||
GID_MAX 60000
|
||||
GID_MAX 9999
|
||||
# System accounts
|
||||
#SYS_GID_MIN 100
|
||||
#SYS_GID_MAX 999
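Review bot: Lowering `UID_MAX` and `GID_MAX` to 9999 only constrains future allocations; nothing visible in this commit checks for accounts or groups already created between 10000 and the old limit of 60000. If such IDs exist on a host, they would overlap whatever range is handed to containers, and an overlapping ID means shared file ownership between a host user and a container-mapped user. The change should be paired with an audit of existing entries above 9999 (for example a task that fails when `getent passwd` or `getent group` returns one). The same point applies to both hunks in this file. A comment next to the new values, `# Must match LAST_UID/LAST_GID in /etc/adduser.conf; IDs above 9999 are reserved for containers.`, would also keep the two files from drifting apart.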
|
||||
|
@ -15,6 +15,14 @@
|
||||
group: root
|
||||
mode: 0440
|
||||
|
||||
- name: Setup adduser.conf file
|
||||
copy:
|
||||
dest: /etc/adduser.conf
|
||||
src: '{{ ansible_facts.os_family }}/adduser.conf'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Setup login.defs file
|
||||
copy:
|
||||
dest: /etc/login.defs
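Review bot: The new `Setup adduser.conf file` task resolves `src` from `ansible_facts.os_family`, but the only source file this commit adds is `Debian/adduser.conf`, and `/etc/adduser.conf` is read by the Debian adduser tool. If this role ever runs on another OS family, the copy would fail for lack of a source file. A guard such as `when: ansible_facts.os_family == 'Debian'` on the task makes the scope explicit. Whether other families are targeted is not visible here. Quoting the mode as `mode: '0644'` would also avoid relying on YAML octal parsing, although the neighbouring `mode: 0440` shows the unquoted form is the file's current style. The login.defs task that follows continues outside the hunk.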
|
||||
|