Original text: lwebapp.com/zh/post/cen…

Requirements

Recently, our Alibaba Cloud ECS server was hit by a DDoS attack, which showed that the security of our server needs to be improved. For SSH login, you can create a regular user on the Linux system and forbid root login to improve security.

In this article you will learn

  • How to create a user on Linux (CentOS) and set a password
  • How to grant permissions to a new CentOS user
  • How to disable root login to improve the security of SSH remote connections to the server
  • How to restart the sshd service
  • How to view and modify file permissions

User management

  1. Create a user and set a password

    Create a user and give it a name, for example lwebapp:

    adduser lwebapp

    Set a password for the user lwebapp. The command prompts for the password interactively:

    passwd lwebapp    # prompts interactively; enter the password, e.g. lwebappwd
  2. Grant root permission

    Modify sudoers to grant root permission to the newly created user, so that all server operations can be carried out when logged in as the new user lwebapp.

    The sudoers file is in the /etc directory. It is read-only by default, so first make it writable by its owner (root) only:

    chmod u+w /etc/sudoers

    Then open it with Vim:

    vim /etc/sudoers

    Press i to enter edit mode, find the root entry, and add an lwebapp entry below it:

    root    ALL=(ALL)    ALL
    lwebapp ALL=(ALL)    ALL    # grant all permissions to lwebapp, same as root above

    Press Esc, type a colon (:) to enter Vim's command mode, type wq, and press Enter to save the file and exit.

    After saving, set the file permissions back to read-only:

    chmod 440 /etc/sudoers

    Alternatively, visudo opens the same file with locking and a syntax check, and needs no permission change.
  3. Disable root login

    Now that there is a new user, disable login for root so that attackers cannot brute-force the root login to operate the server. At the very least, the new user name is not a well-known one, which adds a layer of difficulty for an attacker.

    Open the sshd_config file for editing:

    vim /etc/ssh/sshd_config

    Find PermitRootLogin yes and change "yes" to "no":

    PermitRootLogin no
  4. Restart sshd

    Restart sshd for the change to take effect. Keep the current root session open until you have confirmed, from a second terminal, that lwebapp can log in and use sudo.

    systemctl restart sshd.service
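
The edit in step 3 only works if the line you change is the one sshd actually reads: for each keyword, the first uncommented occurrence in the global section wins. The script below is an added example, not part of the original article; its function names and the sample config are constructed for illustration. It reports the effective global PermitRootLogin value and rewrites the file so that it is "no".

```shell
#!/bin/sh
# Added example (not from the original article); function names are illustrative.

# Print the value sshd reads for global keyword $2 in config file $1: the first
# uncommented occurrence before any Match block wins. Prints "unset" if absent,
# in which case sshd's built-in default applies. Include files are not followed.
effective_sshd_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Rewrite file $1 so its global section holds exactly one "PermitRootLogin no",
# inserted ahead of the first Match block if no global line exists. Commented
# lines and Match blocks are left untouched; file owner and mode are kept.
disable_root_login() {
    tmp=$(mktemp) || return 1
    awk '
        tolower($1) == "match" {
            if (!fixed) { print "PermitRootLogin no"; fixed = 1 }
            in_match = 1
        }
        !in_match && tolower($1) == "permitrootlogin" {
            if (!fixed) { print "PermitRootLogin no"; fixed = 1 }
            next
        }
        { print }
        END { if (!fixed) print "PermitRootLogin no" }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config (not taken from a real host).
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
Match Address 10.0.0.0/8
    X11Forwarding no
EOF
}
```

On a real host, run disable_root_login against /etc/ssh/sshd_config as root, then run sshd -t to validate the file before restarting the service.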


Further learning

File permissions

  1. View file permissions

    stat -c '%A %a %n' *
  2. Give 777 permission (read, write and execute for every user) to all files in a folder

    chmod -R 777 ./webapps

Basic Vim operations

  1. Open a file

    vim file.txt
  2. To enter edit mode, press i. The bottom of the terminal displays -- INSERT --, which indicates edit mode

  3. To enter command mode, type a colon (:); the cursor moves to the bottom of the terminal

  4. To exit edit mode or command mode, press Esc

  5. In command mode, type wq and press Enter to save the file and exit

  6. To force an exit without saving, type q! in command mode and press Enter

The sshd service

  1. Check the sshd service status

    systemctl status sshd.service

    The service state is displayed; a state such as running indicates a successful startup

  2. Start the sshd service

    systemctl start sshd.service
  3. Restart the sshd service

    systemctl restart sshd.service
  4. Enable sshd to start at boot

    systemctl enable sshd.service
