The invention discloses a user-based method for controlling access permissions to peripherals in an operating system. The method includes the following steps: firstly, building an equipment feature database, classifying the users into different user roles, building equipment application strategies and mandatory access control switches, building a user access control list, a user group access control list, and a user role access control list respectively, and updating the states of all the mandatory access control switches; secondly, building and maintaining a system dialogue list; thirdly, monitoring equipment changes in the operating system; fourthly, determining the final access permission information according to the peripheral equipment type, and controlling the users' use of peripherals in the operating system according to the mandatory access control switches and the final access permission information. The method offers strong peripheral identification capability, safety and reliability, good stability, good universality, high expandability, strong resistance to destruction by malware, fine control granularity, and high overall flexibility.
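The following Python sketch is an added example, not code from the patent, showing how the fourth step could combine the three access control lists with a per-type mandatory access control switch. The USB class codes used as device features, the user > group > role precedence, the most-restrictive merge across groups, the "switch off means not enforced" behaviour and all names are assumptions, since the abstract does not define them.

```python
from dataclasses import dataclass, field

# Constructed equipment feature database: USB class code -> peripheral type (assumption).
DEVICE_FEATURES = {0x08: "storage", 0x07: "printer", 0x0E: "camera"}

@dataclass
class Policy:
    mac_switch: dict = field(default_factory=dict)  # peripheral type -> enforcement on/off
    user_acl: dict = field(default_factory=dict)    # (user, type) -> frozenset of rights
    group_acl: dict = field(default_factory=dict)   # (group, type) -> frozenset of rights
    role_acl: dict = field(default_factory=dict)    # (role, type) -> frozenset of rights

def classify(usb_class):
    """Map a device feature to a peripheral type; unrecognised devices are 'unknown'."""
    return DEVICE_FEATURES.get(usb_class, "unknown")

def final_permission(policy, user, groups, role, dev_type):
    """Assumed precedence: user ACL, then group ACLs, then role ACL; default deny."""
    if (user, dev_type) in policy.user_acl:
        return policy.user_acl[(user, dev_type)]
    hits = [policy.group_acl[(g, dev_type)] for g in groups
            if (g, dev_type) in policy.group_acl]
    if hits:
        # Several matching groups: keep only rights every group grants.
        return frozenset.intersection(*hits)
    return policy.role_acl.get((role, dev_type), frozenset())

def decide(policy, user, groups, role, usb_class, wanted):
    """Return True if `user` may perform `wanted` on the newly attached device."""
    dev_type = classify(usb_class)
    # A missing switch counts as "on", so unknown peripheral types fail closed.
    if not policy.mac_switch.get(dev_type, True):
        return True  # enforcement disabled for this peripheral type
    return wanted in final_permission(policy, user, groups, role, dev_type)

# Constructed sample policy.
SAMPLE_POLICY = Policy(
    mac_switch={"storage": True, "printer": False, "camera": True},
    user_acl={("alice", "storage"): frozenset({"read"})},
    group_acl={("staff", "storage"): frozenset({"read", "write"}),
               ("staff", "camera"): frozenset({"read"}),
               ("interns", "camera"): frozenset()},
    role_acl={("auditor", "storage"): frozenset({"read"})},
)

if __name__ == "__main__":
    for who, groups, role, cls, right in [("alice", ["staff"], "operator", 0x08, "write"),
                                          ("bob", ["staff"], "operator", 0x08, "write"),
                                          ("carol", [], "auditor", 0xFF, "read")]:
        print(who, hex(cls), right, decide(SAMPLE_POLICY, who, groups, role, cls, right))
```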