How to set up CentOS system to restrict user access to key system files
Overview:
In Linux systems, in order to protect the security of the system, we usually need to restrict ordinary users from accessing key system files access rights. This article will introduce how to restrict user access to key system files by setting permissions on CentOS systems.
Steps:
Create a new ordinary user
First, we need to create a new ordinary user in order to limit the permissions to this user. Execute the following command in the terminal:
sudo adduser restricted_user
Modify the permissions of the file
In the CentOS system, most of the permissions of the system files and directories are owned by the root user. We need to modify the files. permissions to restrict other users' access. For example, we can restrict user access to the /etc/passwd file:
sudo chmod 750 /etc/passwd
Add the user to the group to which the restricted file belongs
In order to enable restricted_user to access the /etc/passwd file (The permissions of this file have been restricted), we need to add it to the group to which the file belongs. Execute the following command:
sudo usermod -a -G restricted_group restricted_user
Modify the sudoers file
In order to allow restricted_user to perform privileged operations when needed, we can modify the sudoers file. Open the terminal and enter the following command to edit the sudoers file:
sudo visudo
Add the following lines to the opened file, where restricted_user is the restricted user created in the previous step:
restricted_user ALL=(ALL) ALL
Through the above steps, we have successfully set up the CentOS system to restrict restricted_user's access to key system files. Now, restricted_user will only be able to access files and directories assigned by the root user.
Code Example:
To better understand how to restrict user access to critical system files, the following is a code example that demonstrates how to create a normal user, modify file permissions, and add users to restrictions Steps such as the group to which the file belongs, modifying the sudoers file, etc.
# 创建新的普通用户 sudo adduser restricted_user # 修改文件的权限 sudo chmod 750 /etc/passwd # 将用户添加到限制文件的所属组 sudo usermod -a -G restricted_group restricted_user # 修改sudoers文件 sudo visudo # 在文件中添加以下行 restricted_user ALL=(ALL) ALL # 更新用户组 # 退出当前终端,重新登录restricted_user用户
Conclusion:
The security of the CentOS system can be improved by restricting user access to critical system files. In this process, we introduced steps such as how to create new users, modify file permissions, add users to groups that restrict files, and modify the sudoers file. These steps will help us set and manage user permissions on CentOS systems to ensure that system files can only be accessed by authorized users.
The above is the detailed content of How to set up a CentOS system to restrict user access to critical system files. For more information, please follow other related articles on the PHP Chinese website!