526.md

# User management

> 原文：[https://docs.gitlab.com/ee/raketasks/user_management.html](https://docs.gitlab.com/ee/raketasks/user_management.html)

*   [Add user as a developer to all projects](#add-user-as-a-developer-to-all-projects)
*   [Add all users to all projects](#add-all-users-to-all-projects)
*   [Add user as a developer to all groups](#add-user-as-a-developer-to-all-groups)
*   [Add all users to all groups](#add-all-users-to-all-groups)
*   [Control the number of active users](#control-the-number-of-active-users)
*   [Disable two-factor authentication for all users](#disable-two-factor-authentication-for-all-users)
*   [Rotate two-factor authentication encryption key](#rotate-two-factor-authentication-encryption-key)

# User management[](#user-management-core-only "Permalink")

GitLab 提供 Rake 任务用于用户管理.

## Add user as a developer to all projects[](#add-user-as-a-developer-to-all-projects "Permalink")

要将用户作为开发人员添加到所有项目中，请运行：

```
# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld]

# installation from source
bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=production 
```

## Add all users to all projects[](#add-all-users-to-all-projects "Permalink")

要将所有用户添加到所有项目，请运行：

```
# omnibus-gitlab
sudo gitlab-rake gitlab:import:all_users_to_all_projects

# installation from source
bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production 
```

**注意：**管理员用户被添加为维护者.

## Add user as a developer to all groups[](#add-user-as-a-developer-to-all-groups "Permalink")

要将用户作为开发人员添加到所有组，请运行：

```
# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld]

# installation from source
bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=production 
```

## Add all users to all groups[](#add-all-users-to-all-groups "Permalink")

要将所有用户添加到所有组，请运行：

```
# omnibus-gitlab
sudo gitlab-rake gitlab:import:all_users_to_all_groups

# installation from source
bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production 
```

**注意：**管理员用户被添加为所有者，因此他们可以将其他用户添加到组中.

## Control the number of active users[](#control-the-number-of-active-users "Permalink")

启用此设置可以阻止新用户被阻止，直到管理员将其清除为止. 默认为`false` ：

```
block_auto_created_users: false 
```

## Disable two-factor authentication for all users[](#disable-two-factor-authentication-for-all-users "Permalink")

此任务为所有启用了双重身份验证的用户禁用两因素身份验证（2FA）. 例如，如果 GitLab 的`config/secrets.yml`文件丢失并且用户无法登录，这将很有用.

要为所有用户禁用双重身份验证，请运行：

```
# omnibus-gitlab
sudo gitlab-rake gitlab:two_factor:disable_for_all_users

# installation from source
bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production 
```

## Rotate two-factor authentication encryption key[](#rotate-two-factor-authentication-encryption-key "Permalink")

GitLab 将两因素身份验证（2FA）所需的机密数据存储在加密的数据库列中. 此数据的加密密钥称为`otp_key_base` ，存储在`config/secrets.yml` .

如果该文件泄漏了，但单个 2FA 机密没有泄漏，则可以使用新的加密密钥重新加密这些机密. 这使您可以更改泄漏的密钥，而不必强制所有用户更改其 2FA 详细信息.

旋转两因素身份验证加密密钥：

1.  查找旧密钥. 该文件位于`config/secrets.yml`文件中，但请**确保您正在使用 Production 部分** . 您感兴趣的行将如下所示：

    ```
    production:
      otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 
    ```

2.  生成一个新的秘密：

    ```
    # omnibus-gitlab
    sudo gitlab-rake secret

    # installation from source
    bundle exec rake secret RAILS_ENV=production 
    ```

3.  停止 GitLab 服务器，备份现有的机密文件，然后更新数据库：

    ```
    # omnibus-gitlab
    sudo gitlab-ctl stop
    sudo cp config/secrets.yml config/secrets.yml.bak
    sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key>

    # installation from source
    sudo /etc/init.d/gitlab stop
    cp config/secrets.yml config/secrets.yml.bak
    bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> RAILS_ENV=production 
    ```

    可以从`config/secrets.yml`读取`<old key>`值（ `<new key>`是先前生成的）. 用户 2FA 机密的**加密**值将被写入指定的`filename` . 如果发生错误，可以使用它进行回滚.

4.  更改`config/secrets.yml` `otp_key_base`以将`otp_key_base`设置为`<new key>`并重新启动. 同样，请确保您在**生产**部分中进行操作.

    ```
    # omnibus-gitlab
    sudo gitlab-ctl start

    # installation from source
    sudo /etc/init.d/gitlab start 
    ```

如果有任何问题（也许为`old_key`使用了错误的值），则可以还原`config/secrets.yml` `old_key`的备份并回滚更改：

```
# omnibus-gitlab
sudo gitlab-ctl stop
sudo gitlab-rake gitlab:two_factor:rotate_key:rollback filename=backup.csv
sudo cp config/secrets.yml.bak config/secrets.yml
sudo gitlab-ctl start

# installation from source
sudo /etc/init.d/gitlab start
bundle exec rake gitlab:two_factor:rotate_key:rollback filename=backup.csv RAILS_ENV=production
cp config/secrets.yml.bak config/secrets.yml
sudo /etc/init.d/gitlab start 
```