User management

原文:https://docs.gitlab.com/ee/raketasks/user_management.html

User management

GitLab 提供 Rake 任务用于用户管理.

Add user as a developer to all projects

要将用户作为开发人员添加到所有项目中,请运行:

  1. # omnibus-gitlab
  2. sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld]
  4. # installation from source
  5. bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=production

Add all users to all projects

要将所有用户添加到所有项目,请运行:

  1. # omnibus-gitlab
  2. sudo gitlab-rake gitlab:import:all_users_to_all_projects
  4. # installation from source
  5. bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production

注意:管理员用户被添加为维护者.

Add user as a developer to all groups

要将用户作为开发人员添加到所有组,请运行:

  1. # omnibus-gitlab
  2. sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld]
  4. # installation from source
  5. bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=production

Add all users to all groups

要将所有用户添加到所有组,请运行:

  1. # omnibus-gitlab
  2. sudo gitlab-rake gitlab:import:all_users_to_all_groups
  4. # installation from source
  5. bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production

注意:管理员用户被添加为所有者,因此他们可以将其他用户添加到组中.

Control the number of active users

启用此设置可以阻止新用户被阻止,直到管理员将其清除为止. 默认为false

  1. block_auto_created_users: false

Disable two-factor authentication for all users

此任务为所有启用了双重身份验证的用户禁用两因素身份验证(2FA). 例如,如果 GitLab 的config/secrets.yml文件丢失并且用户无法登录,这将很有用.

要为所有用户禁用双重身份验证,请运行:

  1. # omnibus-gitlab
  2. sudo gitlab-rake gitlab:two_factor:disable_for_all_users
  4. # installation from source
  5. bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production

Rotate two-factor authentication encryption key

GitLab 将两因素身份验证(2FA)所需的机密数据存储在加密的数据库列中. 此数据的加密密钥称为otp_key_base ,存储在config/secrets.yml .

如果该文件泄漏了,但单个 2FA 机密没有泄漏,则可以使用新的加密密钥重新加密这些机密. 这使您可以更改泄漏的密钥,而不必强制所有用户更改其 2FA 详细信息.

旋转两因素身份验证加密密钥:

  1. 查找旧密钥. 该文件位于config/secrets.yml文件中,但请确保您正在使用 Production 部分 . 您感兴趣的行将如下所示:

    1. production:
    2.   otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

  2. 生成一个新的秘密:

    1. # omnibus-gitlab
    2. sudo gitlab-rake secret
    4. # installation from source
    5. bundle exec rake secret RAILS_ENV=production

  3. 停止 GitLab 服务器,备份现有的机密文件,然后更新数据库:

    1. # omnibus-gitlab
    2. sudo gitlab-ctl stop
    3. sudo cp config/secrets.yml config/secrets.yml.bak
    4. sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key>
    6. # installation from source
    7. sudo /etc/init.d/gitlab stop
    8. cp config/secrets.yml config/secrets.yml.bak
    9. bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> RAILS_ENV=production

    可以从config/secrets.yml读取<old key>值( <new key>是先前生成的). 用户 2FA 机密的加密值将被写入指定的filename . 如果发生错误,可以使用它进行回滚.

  4. 更改config/secrets.yml otp_key_base以将otp_key_base设置为<new key>并重新启动. 同样,请确保您在生产部分中进行操作.

    1. # omnibus-gitlab
    2. sudo gitlab-ctl start
    4. # installation from source
    5. sudo /etc/init.d/gitlab start

如果有任何问题(也许为old_key使用了错误的值),则可以还原config/secrets.yml old_key的备份并回滚更改:

  1. # omnibus-gitlab
  2. sudo gitlab-ctl stop
  3. sudo gitlab-rake gitlab:two_factor:rotate_key:rollback filename=backup.csv
  4. sudo cp config/secrets.yml.bak config/secrets.yml
  5. sudo gitlab-ctl start
  7. # installation from source
  8. sudo /etc/init.d/gitlab start
  9. bundle exec rake gitlab:two_factor:rotate_key:rollback filename=backup.csv RAILS_ENV=production
  10. cp config/secrets.yml.bak config/secrets.yml
  11. sudo /etc/init.d/gitlab start