歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux綜合 >> Linux資訊 >> 更多Linux

/etc/security目錄下的conf配置

  /etc/security目錄下的conf配置後要重啟那個服務或者進程才能生效? 今天看到/etc/security目錄下的一些conf文件,能夠對用戶進行限制但照說明配置後卻無效。我該啟動或者重啟那個服務或者進程那,請高手指教。 我在limits.conf中加了root - maxlogins 1 希望系統中同時只能有一個root 我在chroot.conf中加了guest /home/guest 希望把guest用戶只能看到/home/guest目錄。 我要怎麼做才能達到目的那? 順便說一句,系統是Redhat 8.0 哈,沒問題,看來應該是你沒有修改/etc/pam.d/login文件,我已經試驗成功 Securing and Optimizing Linux: RedHat Edition -A Hands on Guide Prev Chapter 5. General System Security Next 5.15. Put limits on resource The limits.conf file located under the /etc/security Directory can be used to control and limit resources for the users on your system. It is important to set resource limits on all your users so they can't perform denial of service attacks number of processes, amount of memory, etc). These limits will have to be set up for the user when he or she logs in. For example, limits for all users on your system might look like this. 1. Edit the limits.conf file vi /etc/security/limits.conf and add or change the lines to read: * hard core 0 * hard rss 5000 * hard nproc 20 This says to prohibit the creation of core files - core 0, restrict the number of processes to 20 - nproc 20, and restrict memory usage to 5M - rss 5000 for everyone except the super user root. All of the above only concern users who have entered through the login prompt on your system. With this kind of quota, you have more control on the processes, core files, and memory usage that users may have on your system. The asterisk * mean: all users that logs in on the server. 2. You must also edit the /etc/pam.d/login file and add the following line to the bottom of the file: session required /lib/security/pam_limits.so After adding the line above, the /etc/pam.d/login file should look like this: #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so passWord required /lib/security/pam_cracklib.so


password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow session required /lib/security/pam_pwdb.so session required /lib/security/pam_limits.so #session optional /lib/security/pam_console.so 3. Finally edit the /etc/profile file and change the following line: ulimit -c 1000000 to read: ulimit -S -c 1000000 > /dev/null 2<&1 This modification is required so as to avoid getting error messages like this Unable to reach limit during login:. Prev Home Next Blocking; su to root, by one and sundry Up Control mounting a file system



Copyright © Linux教程網 All Rights Reserved