In the /etc/login.defs file
# In the /etc/login.defs file
# Min/max values for automatic uid selection in useradd
#
# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
# UIDs for dynamically allocated administrative and system accounts.
# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
# allocated user accounts.
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 100
SYS_UID_MAX 499
# Min/max values for automatic gid selection in groupadd
#
# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
# GIDs for dynamically allocated administrative and system groups.
# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
# allocated groups.
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 100
SYS_GID_MAX 499
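- When creating a user with the adduser command, specify the --system option. A system user has no password and cannot log in to the system; it can only be used to run programs.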
adduser --system xxx
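- When creating a user with the adduser command, specify the --disabled-login option. The user cannot log in while no password is set, but once a password is set the user can log in.
adduser --disabled-login xxx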
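Note: the user can still log in via ssh
- If the user has already been created and you want to prevent that user from logging in from the login screen, you can do so by editing your display manager's configuration files, or directly by changing the user's UID into the range 1-500
Check whether AccountsService is installed on the system
AccountsService is a D-Bus service for querying and managing user information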
Jonans@jonans-Aspire-E1-571G /mnt/D/Developer/WorkPlace/Blog/Linux
master* $ dpkg -S accountsservice
gir1.2-accountsservice-1.0: /usr/share/doc/gir1.2-accountsservice-1.0
gir1.2-accountsservice-1.0: /usr/share/doc/gir1.2-accountsservice-1.0/copyright
libaccountsservice0:amd64: /usr/lib/x86_64-linux-gnu/libaccountsservice.so.0
accountsservice: /usr/share/doc/accountsservice/TODO
accountsservice: /usr/share/doc/accountsservice/copyright
libaccountsservice0:amd64: /usr/share/doc/libaccountsservice0/copyright
libaccountsservice0:amd64: /usr/share/doc/libaccountsservice0/changelog.Debian.gz
accountsservice: /usr/lib/accountsservice
libaccountsservice0:amd64: /usr/lib/x86_64-linux-gnu/libaccountsservice.so.0.0.0
accountsservice: /usr/share/doc/accountsservice/changelog.Debian.gz
accountsservice: /usr/share/doc/accountsservice
accountsservice: /usr/share/doc/accountsservice/README
libaccountsservice0:amd64: /usr/share/doc/libaccountsservice0
gir1.2-accountsservice-1.0: /usr/share/doc/gir1.2-accountsservice-1.0/changelog.Debian.gz
accountsservice: /usr/lib/accountsservice/accounts-daemon
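Output like the above indicates that the AccountsService service is installed on the system
For systems that use AccountsService, edit the configuration file /var/lib/AccountsService/users/username (replace username with the name of the user you are changing)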
[User]
SystemAccount=true
* Edit the configuration file (for systems that do not have the AccountsService service installed and use the lightdm display manager), /etc/lightdm/users.conf
#
# User accounts configuration
#
# NOTE: If you have AccountsService installed on your system, then LightDM will
# use this instead and these settings will be ignored
#
# minimum-uid = Minimum UID required to be shown in greeter
# hidden-users = Users that are not shown to the user
# hidden-shells = Shells that indicate a user cannot login
#
[UserAccounts]
minimum-uid=500
# Users hidden on the login screen (replace username with your user name)
hidden-users=nobody nobody4 noaccess username
hidden-shells=/bin/false
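Note: this method only disables login from the login screen for the user; it does not disable login via ssh or ftp
# Prevent the user from logging in remotely
# By editing the /etc/passwd file
username,,,:/home/username:/usr/sbin/nologin (on some systems this is /sbin/nologin, depending on where the nologin file is located)
# Keep the user able to log in from a shell
username,,,:/home/username:/bin/bash
# Disable ssh login only
# By editing /etc/ssh/sshd_config
# Users allowed to log in via ssh
AllowUsers username1 username2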
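
The notes above point out that hiding a user from the login screen does not stop ssh login. The script below is an added example, not part of the original post: it applies the users.conf settings and the AllowUsers list described on this page to each passwd entry and reports whether the account is shown in the greeter, has a login shell, and passes AllowUsers. The account names and passwd lines are constructed samples, and AllowUsers entries are assumed to be plain user names (no patterns or user@host forms).

```shell
#!/bin/sh
# Added example: report which login paths remain open for each account.
# Sample data below is constructed; names and UIDs are placeholders.

MIN_UID=500                                  # minimum-uid from users.conf
HIDDEN_USERS="nobody nobody4 noaccess alice" # hidden-users from users.conf
HIDDEN_SHELLS="/bin/false"                   # hidden-shells from users.conf
ALLOW_USERS="bob"                            # AllowUsers from sshd_config; empty = directive absent

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:alice,,,:/home/alice:/bin/bash
bob:x:1001:1001:bob,,,:/home/bob:/bin/bash
carol:x:1002:1002:carol,,,:/home/carol:/usr/sbin/nologin
EOF
}

# audit_logins: reads passwd(5) lines on stdin and prints one line per account:
#   name greeter=<shown|hidden> shell=<login|nologin> ssh=<allowed|denied>
audit_logins() {
  awk -F: -v min="$MIN_UID" -v hu="$HIDDEN_USERS" \
      -v hs="$HIDDEN_SHELLS" -v au="$ALLOW_USERS" '
    BEGIN {
      n = split(hu, a, " "); for (i = 1; i <= n; i++) hidden_user[a[i]] = 1
      n = split(hs, a, " "); for (i = 1; i <= n; i++) hidden_shell[a[i]] = 1
      have_allow = split(au, a, " "); for (i = 1; i <= have_allow; i++) allowed[a[i]] = 1
    }
    /^#/ || NF < 7 { next }
    {
      greeter = (($3 + 0) >= (min + 0) && !($1 in hidden_user) && !($7 in hidden_shell)) ? "shown" : "hidden"
      shell = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "login"
      ssh = (!have_allow || ($1 in allowed)) ? "allowed" : "denied"
      printf "%s greeter=%s shell=%s ssh=%s\n", $1, greeter, shell, ssh
    }'
}

sample_passwd | audit_logins
```

The ssh column reflects only the AllowUsers check. With the sample settings, carol is still shown in the greeter because hidden-shells lists only /bin/false, not /usr/sbin/nologin.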