How to configure a CentOS system to restrict user changes to system configuration

How to configure the CentOS system to restrict users from changing the system configuration

In a multi-user Linux system, for changes to certain system configurations and files, we do not want any user to have permission to modify them. Especially in some production environments, in order to ensure the stability and security of the system, it is necessary to restrict users from changing the system configuration. This article will describe how to configure a CentOS system to restrict user changes to system configuration.

1. Create a user group

First, we need to create a user group to manage users who have permission to make changes to the system configuration. We can use the groupadd command to create a new user group. For example, we can create a user group named "config":

sudo groupadd config

2. Add users to the user group

Next, we need to have the system configuration The user with the change permissions is added to the user group just created. We can use the usermod command to modify the user group to which the user belongs. For example, we can add user "user1" to the "config" user group:

sudo usermod -a -G config user1

3. Change permissions on system configuration files

Now, we need to restrict the user's access to the system Configuration file changes. We can use the chmod command to modify the permissions of the file. For example, we can set the system configuration file "/etc/sysconfig/network" to read-only permissions and do not allow users to modify:

sudo chmod 644 /etc/sysconfig/network

4. Add sudo permissions

In order to allow limited users to execute certain commands, we can use the sudo command. Adding users to the configuration group in the sudoers file can restrict the user's use of certain commands. Open the sudoers file:

sudo visudo

Find the following line in the file:

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

Add the following below the line:

%config ALL=(ALL) /usr/bin/vim /etc/sysconfig/network

This allows users in the user group "config" Have sudo permissions when executing the "/usr/bin/vim /etc/sysconfig/network" command.

5. Test configuration

After completing the above steps, we can test whether the configuration takes effect. Switch to user "user1" and try to change the "/etc/sysconfig/network" file:

su user1
vim /etc/sysconfig/network

You will find that user "user1" does not have permission to modify the file because we set its permissions to read-only.

Summary:

By creating a user group, restricting users’ changes to system configuration files, and using the sudo command to set limited execution permissions, we can effectively restrict users’ changes to system configurations . This not only ensures system stability and security, but also brings convenience to management in a multi-user environment.

【Code sample completed】

The above is the detailed content of How to configure a CentOS system to restrict user changes to system configuration. For more information, please follow other related articles on the PHP Chinese website!