Home > Article > Operation and Maintenance > How to configure a CentOS system to restrict user changes to system configuration
How to configure the CentOS system to restrict users from changing the system configuration
In a multi-user Linux system, for changes to certain system configurations and files, we do not want any user to have permission to modify them. Especially in some production environments, in order to ensure the stability and security of the system, it is necessary to restrict users from changing the system configuration. This article will describe how to configure a CentOS system to restrict user changes to system configuration.
First, we need to create a user group to manage users who have permission to make changes to the system configuration. We can use the groupadd
command to create a new user group. For example, we can create a user group named "config":
sudo groupadd config
Next, we need to have the system configuration The user with the change permissions is added to the user group just created. We can use the usermod
command to modify the user group to which the user belongs. For example, we can add user "user1" to the "config" user group:
sudo usermod -a -G config user1
Now, we need to restrict the user's access to the system Configuration file changes. We can use the chmod
command to modify the permissions of the file. For example, we can set the system configuration file "/etc/sysconfig/network" to read-only permissions and do not allow users to modify:
sudo chmod 644 /etc/sysconfig/network
In order to allow limited users to execute certain commands, we can use the sudo command. Adding users to the configuration group in the sudoers file can restrict the user's use of certain commands. Open the sudoers file:
sudo visudo
Find the following line in the file:
## Allow root to run any commands anywhere root ALL=(ALL) ALL
Add the following below the line:
%config ALL=(ALL) /usr/bin/vim /etc/sysconfig/network
This allows users in the user group "config" Have sudo permissions when executing the "/usr/bin/vim /etc/sysconfig/network" command.
After completing the above steps, we can test whether the configuration takes effect. Switch to user "user1" and try to change the "/etc/sysconfig/network" file:
su user1 vim /etc/sysconfig/network
You will find that user "user1" does not have permission to modify the file because we set its permissions to read-only.
Summary:
By creating a user group, restricting users’ changes to system configuration files, and using the sudo command to set limited execution permissions, we can effectively restrict users’ changes to system configurations . This not only ensures system stability and security, but also brings convenience to management in a multi-user environment.
【Code sample completed】
The above is the detailed content of How to configure a CentOS system to restrict user changes to system configuration. For more information, please follow other related articles on the PHP Chinese website!