How to configure a CentOS system to restrict user access to system core files

How to restrict user access to core files in the CentOS system

In the CentOS system, core files are considered sensitive data, and restricting user access to core files is an important security measure. This article will introduce how to restrict user access to core files by configuring the CentOS system.

Step 1: Create a new group

First, we need to create a new group to distinguish users with different permissions. Run the following command in the terminal:

sudo groupadd kernel_users

This command will create a new group named kernel_users.

Step 2: Add users to the new group

Next, we need to add specific users to the kernel_users group so that specific access permissions can be set for this group in the future. Run the following command:

sudo usermod -a -G kernel_users username

where username is the username to be added to the kernel_users group.

Step 3: Edit the coredump.conf file

Now we need to edit the coredump.conf file, which controls the storage and access permissions of core files in the system. Run the following command to open the file:

sudo nano /etc/systemd/coredump.conf

In the opened file, find the following line:

#Storage=external

Change it to:

Storage=none

This disables the storage of core files .

Next, find the following line:

#ProcessSizeMax=2G

Change it to:

ProcessSizeMax=0

This will limit the size of the core file to 0, thus disabling the creation of the core file.

Step 4: Change the permissions of the core files

Now we need to change the permissions of the core files to ensure that only users in the kernel_users group can access them. Run the following command:

sudo chgrp kernel_users /var/core
sudo chmod 750 /var/core

This will change the group ownership of the /var/core directory to kernel_users and set appropriate permissions to ensure that only users in the group can access the directory.

Step 5: Restart the system

After completing the above steps, we need to restart the CentOS system for the changes to take effect. Run the following command:

sudo reboot

The system will reboot for restricting user access to core files to take effect.

Summary:

By following the above steps, you can successfully restrict user access to core files in the CentOS system. This security measure helps prevent malicious users from accessing and manipulating critical system files and improves system security.

While these steps apply on CentOS systems, they can be modified to suit other Linux distributions as needed. When configuring your system, keep in mind the importance of system security and ensure that only authorized users have access to core files.

The above is the detailed content of How to configure a CentOS system to restrict user access to system core files. For more information, please follow other related articles on the PHP Chinese website!