How to configure a CentOS system to restrict user access to system resources

How to configure the CentOS system to restrict user access to system resources

Introduction:
In a multi-user system, in order to protect the stability and security of the system, user access is required Permissions are restricted. CentOS is a popular Linux operating system. This article will introduce how to configure user access permissions on the CentOS system to limit system resources.

1. User and user group management
CentOS system uses /etc/passwd and /etc/group files to manage users and user groups. We can use the useradd command to create new users and the groupadd command to create new user groups.

Example 1: Create a new user

sudo useradd -m -G users,testuser    # 创建一个名为testuser的用户，并将其添加到users和testuser两个用户组中

2. User permissions management
In the CentOS system, user permission information is stored in the /etc/sudoers file. We can set the user's sudo permissions by modifying this file.

Example 2: Set user sudo permissions

sudo visudo     # 使用visudo命令来编辑sudoers文件

Find and modify the following lines in the file:

## Allow root to run any commands anywhere
root    ALL=(ALL)    ALL

## Allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

## Allow members of group sudo to execute any command as any user
%sudo   ALL=(ALL:ALL) ALL

Example 3: Restrict user sudo permissions
If we wish to limit Users can only execute specific commands and can add corresponding permission settings, as shown below:

user1   ALL=(ALL)    /usr/bin/ls, /usr/bin/cat    # 用户user1可以执行ls和cat命令
user2   ALL=(ALL)    NOPASSWD: /sbin/reboot       # 用户user2可以执行reboot命令，无需密码验证

3. File permission management
CentOS system uses permission bits to manage the read, write and execution permissions of files. We can use the chmod command to change the permissions of a file.

Example 4: Changing file owners and permissions

sudo chown user1:group1 file.txt    # 将文件file.txt的所有者设置为user1，用户组设置为group1
sudo chmod 600 file.txt             # 设置文件file.txt的权限为600，即只有所有者有读写权限

Example 5: Setting the access control list (ACL) of a file
The access control list (ACL) allows us to set settings for files and directories Fine-grained access control. We can use the setfacl command to set the ACL of a file.

First, we need to ensure that the file system supports ACL. We can find the corresponding file system entry in the /etc/fstab file and ensure that the acl option is enabled. For example:

UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 0

Next, we can use the setfacl command to set the ACL of the file as follows:

sudo setfacl -m u:user1:rw file.txt        # 给user1授予file.txt的读写权限
sudo setfacl -m u:user2:r file.txt         # 给user2授予file.txt的读权限
sudo getfacl file.txt                      # 查看文件file.txt的ACL设置

Conclusion:
By properly configuring the CentOS system, we can restrict users Access rights to system resources to protect system stability and security. This article introduces common methods of user and user group management, user rights management, and file rights management, and provides corresponding code examples. I hope this article can help readers better configure the CentOS system and achieve effective management of system resources.

The above is the detailed content of How to configure a CentOS system to restrict user access to system resources. For more information, please follow other related articles on the PHP Chinese website!