CentOS7 user permission settings

1. add the sudo permission, edit and modify the/etc/sudoers configuration file, and add the account with the sudo permission under rootALL = (ALL) ALL. 2. modify the ssh remote port: edit vi/etc/ssh/sshd_config, find # Port22, and change it to: Port22, change the Port 22 to the Port number you want to change (for example, 8

1. add sudo permissions, edit and modify the/etc/sudoers configuration file, and add the account with sudo permissions under root ALL = (ALL) ALL.

2. modify the ssh remote Port: edit vi/etc/ssh/sshd_config, locate # Port 22, and change it to: Port 22, change the Port 22 to the Port number you want to change (such as 8080), save and exit, and restart the sshd service (systemctl restart sshd. service ). In etc/sysconfig/iptables, change the original port 22 to the port number in sshd_config, and save and restart the iptables service (systemctl restart iptables. service ).

3. for the sake of security, do not allow the root user to remotely log on to the system. edit # vi/etc/ssh/sshd_config, find PermitRootLogin yes, change PermitRootLogin no, save and exit, restart the sshd service (systemctl restart sshd. service ).
 

4. restrict non-wheel users and do not use the su command.
 

Edit the/etc/pam. d/su file,

Add auth required/usr/lib64/security/pam_wheel.so use_uid
Auth sufficient/usr/lib64/security/pam_rootok.so debug

Auth required/usr/lib64/security/pam_wheel.so group = wheel
 

(Note: the paths of these three files are under centos7. For other versions, please find them by yourself ),

Modify the/etc/login. defs file and add SU_WHEEL_ONLY yes at the end. Run the usermod-G wheel username command to add the newly added normal user to the wheel group.