ThinkChat🤖让你学习和工作更高效,注册即送10W Token,即刻开启你的AI之旅 广告
# User management > 原文:[https://docs.gitlab.com/ee/raketasks/user_management.html](https://docs.gitlab.com/ee/raketasks/user_management.html) * [Add user as a developer to all projects](#add-user-as-a-developer-to-all-projects) * [Add all users to all projects](#add-all-users-to-all-projects) * [Add user as a developer to all groups](#add-user-as-a-developer-to-all-groups) * [Add all users to all groups](#add-all-users-to-all-groups) * [Control the number of active users](#control-the-number-of-active-users) * [Disable two-factor authentication for all users](#disable-two-factor-authentication-for-all-users) * [Rotate two-factor authentication encryption key](#rotate-two-factor-authentication-encryption-key) # User management[](#user-management-core-only "Permalink") GitLab 提供 Rake 任务用于用户管理. ## Add user as a developer to all projects[](#add-user-as-a-developer-to-all-projects "Permalink") 要将用户作为开发人员添加到所有项目中,请运行: ``` # omnibus-gitlab sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld] # installation from source bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=production ``` ## Add all users to all projects[](#add-all-users-to-all-projects "Permalink") 要将所有用户添加到所有项目,请运行: ``` # omnibus-gitlab sudo gitlab-rake gitlab:import:all_users_to_all_projects # installation from source bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production ``` **注意:**管理员用户被添加为维护者. ## Add user as a developer to all groups[](#add-user-as-a-developer-to-all-groups "Permalink") 要将用户作为开发人员添加到所有组,请运行: ``` # omnibus-gitlab sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld] # installation from source bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=production ``` ## Add all users to all groups[](#add-all-users-to-all-groups "Permalink") 要将所有用户添加到所有组,请运行: ``` # omnibus-gitlab sudo gitlab-rake gitlab:import:all_users_to_all_groups # installation from source bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production ``` **注意:**管理员用户被添加为所有者,因此他们可以将其他用户添加到组中. ## Control the number of active users[](#control-the-number-of-active-users "Permalink") 启用此设置可以阻止新用户被阻止,直到管理员将其清除为止. 默认为`false` : ``` block_auto_created_users: false ``` ## Disable two-factor authentication for all users[](#disable-two-factor-authentication-for-all-users "Permalink") 此任务为所有启用了双重身份验证的用户禁用两因素身份验证(2FA). 例如,如果 GitLab 的`config/secrets.yml`文件丢失并且用户无法登录,这将很有用. 要为所有用户禁用双重身份验证,请运行: ``` # omnibus-gitlab sudo gitlab-rake gitlab:two_factor:disable_for_all_users # installation from source bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production ``` ## Rotate two-factor authentication encryption key[](#rotate-two-factor-authentication-encryption-key "Permalink") GitLab 将两因素身份验证(2FA)所需的机密数据存储在加密的数据库列中. 此数据的加密密钥称为`otp_key_base` ,存储在`config/secrets.yml` . 如果该文件泄漏了,但单个 2FA 机密没有泄漏,则可以使用新的加密密钥重新加密这些机密. 这使您可以更改泄漏的密钥,而不必强制所有用户更改其 2FA 详细信息. 旋转两因素身份验证加密密钥: 1. 查找旧密钥. 该文件位于`config/secrets.yml`文件中,但请**确保您正在使用 Production 部分** . 您感兴趣的行将如下所示: ``` production: otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ``` 2. 生成一个新的秘密: ``` # omnibus-gitlab sudo gitlab-rake secret # installation from source bundle exec rake secret RAILS_ENV=production ``` 3. 停止 GitLab 服务器,备份现有的机密文件,然后更新数据库: ``` # omnibus-gitlab sudo gitlab-ctl stop sudo cp config/secrets.yml config/secrets.yml.bak sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> # installation from source sudo /etc/init.d/gitlab stop cp config/secrets.yml config/secrets.yml.bak bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> RAILS_ENV=production ``` 可以从`config/secrets.yml`读取`<old key>`值( `<new key>`是先前生成的). 用户 2FA 机密的**加密**值将被写入指定的`filename` . 如果发生错误,可以使用它进行回滚. 4. 更改`config/secrets.yml` `otp_key_base`以将`otp_key_base`设置为`<new key>`并重新启动. 同样,请确保您在**生产**部分中进行操作. ``` # omnibus-gitlab sudo gitlab-ctl start # installation from source sudo /etc/init.d/gitlab start ``` 如果有任何问题(也许为`old_key`使用了错误的值),则可以还原`config/secrets.yml` `old_key`的备份并回滚更改: ``` # omnibus-gitlab sudo gitlab-ctl stop sudo gitlab-rake gitlab:two_factor:rotate_key:rollback filename=backup.csv sudo cp config/secrets.yml.bak config/secrets.yml sudo gitlab-ctl start # installation from source sudo /etc/init.d/gitlab start bundle exec rake gitlab:two_factor:rotate_key:rollback filename=backup.csv RAILS_ENV=production cp config/secrets.yml.bak config/secrets.yml sudo /etc/init.d/gitlab start ```