堆栈内存溢出
  简体   繁体   English

在 Google Compute Engine 虚拟机中创建和管理用户的最佳实践是什么

[英]What are the best practices to create and manage users used in Google Compute Engine virtual machine

 原文  2023-01-26 06:37:09       google-cloud-platform/ user-controls/ google-compute-engine/ access-control

问题描述

I am trying to create a gcp compute engine vm and create some users and user groups and define some folders and files and applications that are only accessible by certain users or groups.我正在尝试创建一个 gcp 计算引擎 vm 并创建一些用户和用户组,并定义一些文件夹和文件以及只能由某些用户或组访问的应用程序。 I did that through ssh-ing into the instance and manually create new users and groups with useradd and groupadd commands and set the owner and permissions of files or folders manually as well.我通过 ssh-ing 进入实例并使用 useradd 和 groupadd 命令手动创建新用户和组并手动设置文件或文件夹的所有者和权限来做到这一点。 I feel this is very time consuming and error prone.我觉得这非常耗时且容易出错。 Are there best practices to set these things without ssh-ing the instance?是否有最佳实践可以在不对实例进行 ssh 的情况下设置这些东西? If I want to define an internally facing tool that should be accessed only by a small group of people, how do I systematically do it??如果我想定义一个只应由一小部分人访问的面向内部的工具,我该如何系统地做到这一点? Should I use some post-installation scripts to run all these Linux environment configuring commands??我应该使用一些安装后脚本来运行所有这些 Linux 环境配置命令吗?

I manually created the users and groups and permissions of interested files, folders and allocations.我手动创建了感兴趣的文件、文件夹和分配的用户和组以及权限。

1 个解决方案

解决方案1
 0  2023-01-29 14:52:52

You can either use a configuration management tool such as Chef, Ansible, puppet or startup script or even a provisioning tool.您可以使用配置管理工具,例如 Chef、Ansible、puppet 或启动脚本,甚至是配置工具。

For your use case, i think a simple startup script would suffice [1].对于您的用例,我认为一个简单的启动脚本就足够了 [1]。

[1] https://cloud.google.com/compute/docs/startupscript [1] https://cloud.google.com/compute/docs/startupscript

#!/bin/bash

# Create a new user
useradd -m <username>

# Create a new group
groupadd <groupname>

# Add the user to the group
usermod -a -G <groupname> <username>

# Create a new directory
mkdir <directory>

# Set the group ownership of the directory
chown :<groupname> <directory>

# Set the permissions for the directory so that only members of the group can access it
chmod 770 <directory>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google Compute Engine 的 Cron 作业 - Cron Jobs for Google Compute Engine 将 PHP 代码从 github 部署/重新部署到 GCP Compute Engine LAMP 堆栈的最佳方式 [Google 点击部署] - The best way to deploy/redeploy PHP code from github to GCP Compute Engine LAMP Stack [Google Click to Deploy] 谷歌云计算引擎 http 连接超时 - Google Cloud Compute Engine http Connection Timeout 无法访问谷歌云计算引擎上的 Jenkins - Unable to access Jenkins on compute engine on google cloud “冻结”谷歌计算引擎实例 PostgreSQL - "frozen" Google compute engine instance with PostgreSQL 如何从计算引擎访问谷歌驱动器 - How to access google drive from compute engine Compute Engine API - 如何使用容器创建实例? - Compute Engine API - How to create an instance with container? 从 App Engine 和外部连接到 Google Compute Engine 上的 MySQL - Connect to MySQL on Google Compute Engine from App Engine and externally 在 Google Compute Engine 上删除或释放静态 IP - Removing or releasing a static IP on Google Compute Engine 暂停 Dataproc 集群 - Google 计算引擎 - Pausing Dataproc cluster - Google Compute engine
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM