CN117454429A - Access control list authority setting method, device, equipment and storage medium - Google Patents


Publication number: CN117454429A
Authority: CN (China)
Prior art keywords: user, permission, file system, file, permissions
Legal status: Granted, Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202311628191.1A
Other languages: Chinese (zh)
Other versions: CN117454429B (en)
Inventors: 朱飞, 陈保文, 吴佳欢, 陶传会, 李华庆
Current Assignee: Hexin Technology Co ltd; Hexin Technology Suzhou Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hexin Technology Co ltd; Hexin Technology Suzhou Co ltd
Application filed by Hexin Technology Co ltd and Hexin Technology Suzhou Co ltd, with priority to CN202311628191.1A; published as CN117454429A; application granted; published as CN117454429B.


Abstract

The invention relates to the technical field of file system configuration and discloses an access control list permission setting method, apparatus, device and storage medium. The method includes: obtaining the loaded user information and determining whether the type of the file system to be set can be identified; if the type can be identified, obtaining the permission information of the file directory of the file system to be set according to the type; determining, according to that permission information, whether a user in the loaded user information has operation permission for the file directory; and, if the user has operation permission for the file directory, obtaining the user's operation command and automatically setting the access control list permissions of the file directory of the file system to be set. When the type of the file system to be set is identified and the user has operation permission for the file directory, the invention sets the access control list permissions automatically according to the user's operation command, which simplifies the configuration process.

Description

An access control list permission setting method, apparatus, device and storage medium

Technical field

The invention relates to the technical field of file system configuration, and in particular to an access control list permission setting method, apparatus, device and storage medium.

Background

ACL (Access Control List) permissions are an access control mechanism in Linux systems that can control access to files and directories. Their main purpose is finer-grained control of file permissions: they allow an administrator to assign permissions to individual users in order to meet different security management requirements.

In the prior art, access control based on ACL permissions builds an access list for each network resource, and ACL permissions have to be configured manually. For complex network environments and configuration policy requirements, this configuration process is cumbersome.

Summary of the invention

In view of this, the invention provides an access control list permission setting method, apparatus, device and storage medium to solve the problem in the prior art that setting ACL permissions manually is cumbersome.

In a first aspect, the invention provides an access control list permission setting method, which includes:

obtaining the loaded user information, and determining whether the type of the file system to be set can be identified;

if the type of the file system to be set can be identified, obtaining the permission information of the file directory of the file system to be set according to the type;

determining, according to the permission information of the file directory of the file system to be set, whether the user represented in the loaded user information has operation permission for the file directory;

if the user has operation permission for the file directory, obtaining the user's operation command, and automatically setting the access control list permissions of the file directory of the file system to be set according to the user's operation command.

After the user information has been loaded, the invention determines whether the type of the file system to be set can be identified and, when it can, determines whether the user has operation permission for the file directory. When the type is identified and the user has operation permission for the file directory, the access control list permissions are set automatically according to the user's operation command, which removes the manual ACL configuration step and simplifies the configuration process.

In an optional implementation, obtaining the loaded user information includes:

loading all user information, and verifying each user's identity according to the user information;

if a user's identity verification fails, deleting the corresponding user from all user information.

The invention verifies the users' identities and deletes users who fail verification, which fundamentally prevents malicious modification caused by users who failed identity verification setting ACL permissions.

In an optional implementation, obtaining the permission information of the file directory of the file system to be set according to the type includes:

obtaining the corresponding permission control command set according to the type;

obtaining the permission information of the file directory of the file system to be set according to the commands in the permission control command set.

The invention uses the commands in the permission control command set that corresponds to the type of the file system to be set to obtain the permission information of the file directory directly, which makes it easy to determine each user's permissions.

In an optional implementation, determining whether a user in the loaded user information has operation permission for the file directory includes:

obtaining the permission information of the user in the user information through a permission verification command, and parsing the permission information, where the parameters of the permission verification command include the file directory;

if the parsing result is that the user can modify the file directory, determining that the user has operation permission for the file directory;

if the parsing result is that the user cannot modify the file directory, determining that the user does not have operation permission for the file directory.

The invention evaluates the user's permissions. When the user can modify the file directory, the user is determined to have operation permission, so that permissions can be set; when the user cannot modify the file directory, the user is determined not to have operation permission, which restricts what the user may do.

In an optional implementation, before the access control list permissions of the file directory of the file system to be set are automatically set according to the user's operation command, the method further includes:

obtaining the user's choice of whether to synchronize the permission settings to subdirectories, and automatically setting the permissions of the subdirectories according to that choice.

The invention sets the permissions of subdirectories automatically according to the user's choice of whether to synchronize the permission settings to subdirectories. This avoids the cumbersome process of setting the subdirectory permissions again separately.

In an optional implementation, before the access control list permissions of the file directory of the file system to be set are automatically set according to the user's operation command, the method further includes:

determining whether the user has temporary permissions;

if the user has temporary permissions, obtaining the timestamp corresponding to the temporary permissions;

automatically setting the duration of the user's temporary permissions according to the timestamp.

When the user has temporary permissions, the invention sets their duration automatically, to avoid the possibility that permissions are modified because an administrator granted a temporary authorization and then forgot to change it.

In an optional implementation, after determining whether the type of the file system to be set can be identified, the method further includes:

if the type of the file system to be set cannot be identified, obtaining the configuration file of the file system to be set, loading the file system to be set according to the configuration file, and re-identifying the type of the file system to be set according to the configuration file.

For a file system whose type cannot be identified, the invention loads a configuration file and then sets the ACLs of the loaded file system automatically. This makes the method compatible with multiple file systems and allows ACL permissions to be set automatically for different file systems.

In a second aspect, the invention provides an access control list permission setting apparatus, which includes:

a first judgment module, configured to obtain the loaded user information and determine whether the type of the file system to be set can be identified;

an acquisition module, configured to obtain, if the type of the file system to be set can be identified, the permission information of the file directory of the file system to be set according to the type;

a second judgment module, configured to determine, according to the permission information of the file directory of the file system to be set, whether the user represented in the loaded user information has operation permission for the file directory;

a permission setting module, configured to obtain, if the user has operation permission for the file directory, the user's operation command, and to automatically set the access control list permissions of the file directory of the file system to be set according to the user's operation command.

In a third aspect, the invention provides a computer device, including a memory and a processor that are communicatively connected to each other. Computer instructions are stored in the memory, and the processor executes the computer instructions to perform the access control list permission setting method of the first aspect or any of its corresponding implementations.

In a fourth aspect, the invention provides a computer-readable storage medium on which computer instructions are stored. The computer instructions cause a computer to perform the access control list permission setting method of the first aspect or any of its corresponding implementations.

Brief description of the drawings

To explain the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a schematic flowchart of an access control list permission setting method according to an embodiment of the invention;

Figure 2 is a schematic diagram of the access control list permission setting process of the multi-file system according to an embodiment of the invention;

Figure 3 is a structural block diagram of an access control list permission setting apparatus according to an embodiment of the invention;

Figure 4 is a schematic diagram of the hardware structure of a computer device according to an embodiment of the invention.

Detailed description

To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person skilled in the art from these embodiments without creative effort fall within the scope of protection of the invention.

At present, in operating systems such as Linux, file system permissions are usually set by running permission setting commands directly. This requires the operator to have some knowledge of the different file systems; moreover, different file systems take different parameters and command strings, and the way permissions are set also differs.

For users who do not know the file system type, manually adding, deleting and modifying permissions on the files and subdirectories of a file system is troublesome, because the permissions of nested directories under subfolders have to be set recursively from the command line. Some file systems have many ACL permission parameters, which makes the setting process error-prone. In addition, some scenarios that require temporary authorization have no expiry limit: if an administrator grants the authorization and then forgets to change it, the temporary authorization remains in effect permanently, which may allow ACL permissions to be maliciously modified.

According to an embodiment of the invention, an embodiment of an access control list permission setting method is provided. The steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions. Although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.

This embodiment provides an access control list permission setting method applied to a multi-file system. The multi-file system is compatible with multiple file systems and implements access control list permission setting for them. Figure 1 is a flowchart of the access control list permission setting method according to an embodiment of the invention. As shown in Figure 1, the process includes the following steps:

Step S101: obtain the loaded user information, and determine whether the type of the file system to be set can be identified.

In this embodiment, all user information in the directory is loaded. After the user information has been loaded, the FLAG of the file system to be set is identified. Specifically, the API of the kernel of the file system to be set is called to identify the FLAG of the file system to be set automatically. If the returned type of the file system to be set is NFS (Network File System), AFS (Andrew File System, a distributed network file system), XFS (X File System, a high-performance network file system), GPFS (General Parallel File System, a shared file system) or another type, it is determined that the type of the file system to be set can be identified; otherwise, the type cannot be identified.

Step S102: if the type of the file system to be set can be identified, obtain the permission information of the file directory of the file system to be set according to the type.

In this embodiment, if the type of the file system to be set can be identified, the permission information of the file directory of the file system to be set is obtained, according to that type, from the official website of the file system to be set, and the permission information of all file directories of the file system to be set is displayed as a list.

Step S103: according to the permission information of the file directory of the file system to be set, determine whether the user in the loaded user information has operation permission for the file directory.

In this embodiment, according to the permission information of the file directory of the file system to be set, a permission judgment command is executed to determine whether the user in the loaded user information has operation permissions such as modify and delete.

Step S104: if the user has operation permission for the file directory, obtain the user's operation command, and automatically set the access control list permissions of the file directory of the file system to be set according to the user's operation command.

In this embodiment, when the user has operation permission for the file directory, the user can view the permission information of all subdirectories under the directory. The user issues operation commands to modify, delete or otherwise set the access control list permissions of the file directory of the file system to be set, and the multi-file system sets those permissions automatically according to the user's operation commands.

In the access control list permission setting method provided by this embodiment, after the user information has been loaded, it is determined whether the type of the file system to be set can be identified and, when it can, whether the user has operation permission for the file directory. When the type is identified and the user has operation permission for the file directory, the access control list permissions are set automatically according to the user's operation command, which removes the manual ACL configuration step and simplifies the configuration process.

Specifically, in one embodiment, obtaining the loaded user information in step S101 includes the following steps:

Step S1011: load all user information, and verify each user's identity according to the user information.

Step S1012: if a user's identity verification fails, delete the corresponding user from all user information.

In this embodiment, the configuration list of all users is loaded and it is verified whether each user's identity exists. Specifically, a user's status may be "departed" or "employed". If the user's status is employed, the user's information and permissions are retained. If the user's status is departed, an exception is reported and the user's information and permissions are deleted, so that users without operation permission are prevented from performing operations.

Users' identities are verified and users who fail verification are deleted, which fundamentally prevents malicious modification caused by users who failed identity verification setting ACL permissions.

Specifically, in one embodiment, obtaining the permission information of the file directory of the file system to be set according to the type in step S102 includes the following steps:

Step S1021: obtain the corresponding permission control command set according to the type.

Step S1022: obtain the permission information of the file directory of the file system to be set according to the commands in the permission control command set.

In this embodiment, after the type of the file system to be set has been identified, the official command set supported by that file system type is used, and the ACL-related permission control command set is filtered out of it. That is, the ACL-related permission control commands of the file system are used to obtain the permission information of all directories of the file system to be set, which is displayed as a list for easy viewing.

The commands in the permission control command set that corresponds to the type of the file system to be set are used to obtain the permission information of the file directory directly, which makes it easy to determine each user's permissions.
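The type identification of step S101 and the per-type command lookup of steps S1021 and S1022 can be sketched as follows. This is an added example, not code from the patent: it reads the type from mount-table text in `/proc/mounts` format rather than the kernel API the description mentions, the mapping to `getfacl`, `nfs4_getfacl`, `mmgetacl` and `fs listacl` is an assumption about the usual tooling for each file system, and the function names and sample mount table are constructed.

```python
import posixpath
import re
from typing import Dict, List, Optional

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = r"""/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /data xfs rw,noatime 0 0
/dev/sdc1 /mnt/shared\040docs xfs rw 0 0
filer01:/export/proj /data/proj nfs4 rw,vers=4.2 0 0
gpfs0 /gpfs/fs0 gpfs rw 0 0
AFS /afs afs rw 0 0
weird0 /mnt/custom customfs rw 0 0
"""

# Assumed mapping from file system type to the command that prints an ACL.
ACL_READ_COMMANDS: Dict[str, List[str]] = {
    "ext4": ["getfacl"],
    "xfs": ["getfacl"],
    "nfs4": ["nfs4_getfacl"],
    "gpfs": ["mmgetacl"],
    "afs": ["fs", "listacl"],
}


def _unescape(field: str) -> str:
    """Decode the octal escapes (for example \\040 for a space) used in mount tables."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def fs_type_of(path: str, mounts_text: str) -> Optional[str]:
    """Return the type of the mount that contains `path` (longest mount point wins)."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    path = posixpath.normpath(path)
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fs_type = _unescape(fields[1]), fields[2]
        prefix = mount_point.rstrip("/") + "/"
        # Match whole path components only, so /data2 is not treated as under /data.
        if path == mount_point or path.startswith(prefix):
            # ">=" lets a later mount over the same mount point take precedence.
            if len(mount_point) >= best_len:
                best_len, best_type = len(mount_point), fs_type
    return best_type


def acl_read_argv(path: str, mounts_text: str) -> Optional[List[str]]:
    """Build the argument vector that reads the ACL of `path`.

    Returns None when the type is not in the table, which is the case where
    the described method falls back to a manually supplied configuration file.
    """
    command = ACL_READ_COMMANDS.get(fs_type_of(path, mounts_text))
    if command is None:
        return None
    # An absolute, normalised path cannot be mistaken for a command-line option.
    return command + [posixpath.normpath(path)]
```
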

Specifically, in one embodiment, determining in step S103 whether the user in the loaded user information has operation permission for the file directory includes the following steps:

Step S1031: obtain the permission information of the user in the user information through a permission verification command, and parse the permission information. The parameters of the permission verification command include the file directory.

Step S1032: if the parsing result is that the user can modify the file directory, determine that the user has operation permission for the file directory.

Step S1033: if the parsing result is that the user cannot modify the file directory, determine that the user does not have operation permission for the file directory.

In this embodiment, the user's permission information is obtained by executing a permission verification command that takes the file directory as a parameter, and the permission information is parsed to determine whether the user has operation permission for the file directory.

If the parsing result is that the user can modify the file directory, the user can modify or delete existing permissions and can also add ACL permissions for new groups or users. If the parsing result is that the user cannot modify the file directory, the user does not have operation permission for the file directory and cannot modify its permissions; in that case no operation prompts need to be sent to the user.

The user's permissions are evaluated. When the user can modify the file directory, the user is determined to have operation permission, so that permissions can be set; when the user cannot modify the file directory, the user is determined not to have operation permission, which restricts what the user may do.
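The parse-and-decide logic of steps S1031 to S1033 can be illustrated for a POSIX ACL. This is an added example, not code from the patent: it assumes the permission information arrives in the text format printed by `getfacl`, the names `parse_getfacl` and `can` are hypothetical, and the ACL text is constructed. It shows the case that manual checks often get wrong, where a named entry lists `rwx` but the mask removes the write bit.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional

# Constructed sample in getfacl output format.
SAMPLE_GETFACL = """\
# file: srv/projects
# owner: root
# group: staff
user::rwx
user:alice:rwx\t\t#effective:r-x
user:bob:r-x
group::r-x
group:devs:rwx\t\t#effective:r-x
mask::r-x
other::---
default:user::rwx
"""


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    owner_perms: str = "---"
    group_perms: str = "---"
    other_perms: str = "---"
    mask: Optional[str] = None
    users: Dict[str, str] = field(default_factory=dict)
    groups: Dict[str, str] = field(default_factory=dict)


def parse_getfacl(text: str) -> Acl:
    """Parse the access ACL; default (inherited) entries are ignored."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
        if not line or line.startswith("#") or line.startswith("default:"):
            continue
        parts = line.split("#", 1)[0].strip().split(":")  # drop "#effective:" note
        if len(parts) != 3:
            raise ValueError(f"malformed ACL entry: {line!r}")
        tag, qualifier, perms = parts
        if tag == "user" and qualifier:
            acl.users[qualifier] = perms
        elif tag == "user":
            acl.owner_perms = perms
        elif tag == "group" and qualifier:
            acl.groups[qualifier] = perms
        elif tag == "group":
            acl.group_perms = perms
        elif tag == "mask":
            acl.mask = perms
        elif tag == "other":
            acl.other_perms = perms
    return acl


def _has(perms: str, want: str) -> bool:
    return all(p in perms for p in want)


def _masked(perms: str, mask: Optional[str]) -> str:
    """Apply the mask entry; an ACL without a mask leaves perms unchanged."""
    if mask is None:
        return perms
    return "".join(p if p in mask else "-" for p in perms)


def can(acl: Acl, user: str, groups: Iterable[str], want: str) -> bool:
    """POSIX ACL check by name: owner, named user, groups, then other."""
    groups = set(groups)
    if user == acl.owner:
        return _has(acl.owner_perms, want)          # owner is never masked
    if user in acl.users:
        return _has(_masked(acl.users[user], acl.mask), want)
    matching = [acl.group_perms] if acl.group in groups else []
    matching += [p for g, p in acl.groups.items() if g in groups]
    if matching:                                     # one entry must grant it all
        return any(_has(_masked(p, acl.mask), want) for p in matching)
    return _has(acl.other_perms, want)
```

On Linux, changing a file's ACL additionally requires owning the file or holding CAP_FOWNER, so a write bit alone does not let a user run `setfacl` on the directory.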

In one embodiment, the access control list permission setting method provided by the embodiment of the invention further includes the following step:

Step Sa: obtain the user's choice of whether to synchronize the permission settings to subdirectories, and automatically set the permissions of the subdirectories according to that choice.

In this embodiment, before the ACL permissions of the file directory of the file system to be set are automatically set according to the user's operation command, a selection dialog is presented to the user in the UI to confirm whether the permission settings should be synchronized to subdirectories. The user chooses in the dialog whether to synchronize the permission settings to subdirectories.

If the user chooses to synchronize the permission settings to subdirectories, the permissions of the subdirectories are set automatically at the same time as the ACL permissions of the file directory of the file system to be set are set according to the user's operation command. If the user chooses not to synchronize, the permission settings are not applied to the subdirectories.

In addition, when the user's choice of whether to synchronize the permission settings to subdirectories is obtained, the user's different permission settings for specified special directories can also be obtained, so that those special directories are given different permission settings according to the user's settings.

When the user has temporary permissions, their duration is set automatically, to avoid the possibility that permissions are modified because an administrator granted a temporary authorization and then forgot to change it.

In one embodiment, the access control list permission setting method provided by the embodiment of the invention further includes the following steps:

Step Sb: determine whether the user has temporary permission.

Step Sc: if the user has temporary permission, obtain the timestamp corresponding to the temporary permission.

Step Sd: automatically set the duration of the user's temporary permission according to the timestamp.

In this embodiment of the invention, before the ACL permissions of the file directory of the file system to be set are automatically set according to the user's operation command, it is determined whether the user has temporary permission to set ACLs. If the user has temporary permission, the timestamp corresponding to the temporary permission is obtained and added to that user's permission attributes, which implements the temporary function.

The duration of the user's temporary permission is set automatically according to the timestamp: before the timestamp of the temporary permission, the user can set ACL permissions; once the timestamp is reached, the user's permission to set ACLs disappears automatically, that is, the user can no longer set ACL permissions.

When the user has temporary permission, the duration of the temporary permission is set automatically, which avoids the possibility that an administrator who granted a temporary permission forgets to change it back and permissions are modified as a result.
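The expiry behaviour of steps Sb to Sd can be sketched as follows. This is an added example, not code from the patent; the class names, the in-memory store and the choice to evaluate expiry at the moment of use are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AclSetRight:
    """A user's right to change the ACL of one directory (hypothetical model)."""
    user: str
    directory: str
    expires_at: Optional[datetime] = None  # None: permanent; set: temporary

    def is_temporary(self) -> bool:
        # Step Sb: a right is temporary when it carries a timestamp.
        return self.expires_at is not None

    def is_valid(self, now: datetime) -> bool:
        # Step Sd: the right exists strictly before the timestamp and is
        # gone once the timestamp is reached.
        return self.expires_at is None or now < self.expires_at


def _require_aware(value: datetime, label: str) -> None:
    # Naive datetimes silently depend on the host's local time zone, so an
    # expiry could be hours off; refuse them.
    if value.tzinfo is None:
        raise ValueError(f"{label} must be timezone-aware")


class RightStore:
    """In-memory store of ACL-setting rights (an assumption of this example)."""

    def __init__(self) -> None:
        self._rights: Dict[Tuple[str, str], AclSetRight] = {}

    def grant(self, user: str, directory: str,
              expires_at: Optional[datetime] = None) -> AclSetRight:
        # Step Sc: the timestamp is stored in the user's permission attributes.
        if expires_at is not None:
            _require_aware(expires_at, "expires_at")
        right = AclSetRight(user, directory, expires_at)
        self._rights[(user, directory)] = right
        return right

    def may_set_acl(self, user: str, directory: str,
                    now: Optional[datetime] = None) -> bool:
        """Check at time of use, so no cleanup job has to run for expiry to hold."""
        now = now or datetime.now(timezone.utc)
        _require_aware(now, "now")
        right = self._rights.get((user, directory))
        if right is None:
            return False
        if not right.is_valid(now):
            del self._rights[(user, directory)]  # drop the stale grant
            return False
        return True

    def purge_expired(self, now: Optional[datetime] = None) -> List[AclSetRight]:
        """Remove every expired temporary right and return them for audit logging."""
        now = now or datetime.now(timezone.utc)
        _require_aware(now, "now")
        expired = [r for r in self._rights.values() if not r.is_valid(now)]
        for r in expired:
            del self._rights[(r.user, r.directory)]
        return expired


if __name__ == "__main__":
    # Constructed sample data: one permanent and one two-hour temporary grant.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    store = RightStore()
    store.grant("alice", "/data/proj")
    store.grant("bob", "/data/proj", expires_at=t0 + timedelta(hours=2))
    for offset in (1, 2, 3):
        when = t0 + timedelta(hours=offset)
        print(when.isoformat(), "bob may set ACL:",
              store.may_set_acl("bob", "/data/proj", now=when))
```

Checking the timestamp on every request means an expired grant is refused even if no background cleanup has run; `purge_expired` only tidies the store and yields records for an audit trail.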

Specifically, in one embodiment, the access control list permission setting method provided by the embodiment of the invention further includes the following step:

Step S102a: if the type of the file system to be set cannot be identified, obtain the configuration file of the file system to be set, load the file system to be set according to the configuration file, and re-identify the type of the file system to be set according to the configuration file.

In this embodiment of the invention, if the type of the file system to be set cannot be identified, the file system is a relatively uncommon one and needs to be configured manually. The configuration file of the file system to be set is obtained and loaded manually, the type of the file system is re-identified, and the file system is loaded. ACL permission setting for the file system then continues: the permission information of the file directory of the file system to be set is obtained according to the type, and, based on that permission information, it is determined whether the user in the loaded user information has operation permission for the file directory. If the user has operation permission for the file directory, the user's operation command is obtained, and the ACL permissions of the file directory of the file system to be set are automatically set according to that command. The ACL permission setting process is the same as the process of automatically setting access control list permissions in steps S102 to S104 above and is not repeated here.

A configuration file is loaded for a file system whose type cannot be identified, and ACLs are then set automatically on the loaded file system. This makes the method compatible with multiple file systems such as NFS, AFS, KFS, HDFS, GPFS and NFS4, so that ACL permissions are set automatically across different file systems.

As shown in Figure 2, for file systems whose type can be identified directly, such as NFS and AFS, ACL permissions are set by identifying the file system, selecting the file directory, and determining whether the user has operation permission. For an unidentified file system, ACL permissions are set by loading the configuration file, obtaining the corresponding information and permission configuration method, then selecting the file directory and determining whether the user has operation permission. If the user has no operation permission, that is, the user can only view the permission settings, the flow ends directly.
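The two branches of Figure 2 (a type recognized directly, and an unrecognized type handled by loading a configuration file) can be illustrated with a per-type registry of ACL viewing commands. This is an added example, not the patent's implementation; the pairing of tools with file-system types, the JSON configuration layout and the `examplefs` entry are assumptions made for the example.

```python
import json
from typing import Dict, List, Optional

# View-ACL argv templates for types recognized out of the box. Pairing these
# tools with the patent's file-system names is this example's assumption.
BUILTIN_VIEW_COMMANDS: Dict[str, List[str]] = {
    "nfs4": ["nfs4_getfacl", "{dir}"],
    "afs": ["fs", "listacl", "{dir}"],
    "hdfs": ["hdfs", "dfs", "-getfacl", "{dir}"],
    "gpfs": ["mmgetacl", "{dir}"],
}

# Constructed configuration for an uncommon file system (hypothetical tool name).
SAMPLE_CONFIG = '{"type": "examplefs", "view_acl": ["examplefs-acl", "show", "{dir}"]}'


class UnknownFileSystem(Exception):
    """Raised when no command set is known for a file-system type."""


class CommandRegistry:
    def __init__(self) -> None:
        self._view = {k: list(v) for k, v in BUILTIN_VIEW_COMMANDS.items()}

    def load_config(self, text: str) -> str:
        """Register a file system from a config file and return its type name."""
        cfg = json.loads(text)
        if not isinstance(cfg, dict):
            raise ValueError("config must be a JSON object")
        fs_type, template = cfg.get("type"), cfg.get("view_acl")
        if not isinstance(fs_type, str) or not fs_type:
            raise ValueError("config needs a non-empty 'type'")
        if (not isinstance(template, list)
                or not all(isinstance(p, str) for p in template)
                or template.count("{dir}") != 1):
            raise ValueError("'view_acl' must be an argv list with one '{dir}'")
        self._view[fs_type.lower()] = list(template)
        return fs_type.lower()

    def view_argv(self, fs_type: str, directory: str) -> List[str]:
        """Build the argv (no shell involved) that reads a directory's ACL."""
        template = self._view.get(fs_type.lower())
        if template is None:
            raise UnknownFileSystem(fs_type)
        # Absolute paths only: a value such as "-R" can then never be parsed
        # by the tool as an option instead of a directory.
        if not directory.startswith("/"):
            raise ValueError("directory must be an absolute path")
        return [directory if part == "{dir}" else part for part in template]


def resolve_view_command(registry: CommandRegistry, fs_type: str, directory: str,
                         config_text: Optional[str] = None) -> List[str]:
    """Recognized type: use its command set. Otherwise load the config and retry."""
    try:
        return registry.view_argv(fs_type, directory)
    except UnknownFileSystem:
        if config_text is None:
            raise  # nothing to load: stop rather than guess a command set
        if registry.load_config(config_text) != fs_type.lower():
            raise UnknownFileSystem(fs_type)  # config describes another type
        return registry.view_argv(fs_type, directory)


if __name__ == "__main__":
    reg = CommandRegistry()
    print(resolve_view_command(reg, "hdfs", "/user/alice"))
    print(resolve_view_command(reg, "examplefs", "/mnt/x", SAMPLE_CONFIG))
```

Failing closed on an unknown type, and building an argument list rather than a shell string, keeps a mis-typed file-system name or directory from turning into an unintended command.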

This embodiment also provides an access control list permission setting device, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.

This embodiment provides an access control list permission setting device which, as shown in Figure 3, includes:

A first judgment module 301, used to obtain the loaded user information and determine whether the type of the file system to be set can be identified.

A first acquisition module 302, used to obtain, if the type of the file system to be set can be identified, the permission information of the file directory of the file system to be set according to the type.

A second judgment module 303, used to determine, according to the permission information of the file directory of the file system to be set, whether the user represented in the loaded user information has operation permission for the file directory.

A first setting module 304, used to obtain the user's operation command if the user has operation permission for the file directory, and to automatically set the access control list permissions of the file directory of the file system to be set according to the user's operation command.

In some optional implementations, the first judgment module 301 includes:

A verification unit, used to load all user information and verify each user's identity according to the user information.

A deletion unit, used to delete the corresponding user from all user information if that user's identity verification fails.

In some optional implementations, the first acquisition module 302 includes:

A first acquisition unit, used to obtain the corresponding permission control command set according to the type.

A second acquisition unit, used to obtain the permission information of the file directory of the file system to be set according to the commands in the permission control command set.

In some optional implementations, the second judgment module 303 includes:

A parsing unit, used to obtain the permission information of the user in the user information through a permission verification command and to parse that permission information; the parameters of the permission verification command include the file directory.

A first determination unit, used to determine that the user has operation permission for the file directory if the parsing result is that the user can modify the file directory.

A second determination unit, used to determine that the user does not have operation permission for the file directory if the parsing result is that the user cannot modify the file directory.

In some optional implementations, the device further includes:

A second setting module, used to obtain the user's choice on whether to synchronize the subdirectory permission settings and to automatically set the subdirectory permissions accordingly.

In some optional implementations, the device further includes:

A third judgment module, used to determine whether the user has temporary permission.

A second acquisition module, used to obtain the timestamp corresponding to the temporary permission if the user has temporary permission.

An automatic setting module, used to automatically set the duration of the user's temporary permission according to the timestamp.

In some optional implementations, the device further includes:

An identification module, used to obtain the configuration file of the file system to be set if the type of the file system to be set cannot be identified, load the file system to be set according to the configuration file, and re-identify the type of the file system to be set according to the configuration file.

Further functional descriptions of the above modules and units are the same as in the corresponding embodiments above and are not repeated here.

The access control list permission setting device in this embodiment is presented in the form of functional units. A unit here refers to an ASIC (Application Specific Integrated Circuit), a processor and memory that execute one or more software or fixed programs, and/or other devices that can provide the above functions.

An embodiment of the invention also provides a computer device having the access control list permission setting device shown in Figure 3 above.

Refer to Figure 4, which is a schematic structural diagram of a computer device provided by an optional embodiment of the invention. As shown in Figure 4, the computer device includes one or more processors 10, a memory 20, and interfaces for connecting the components, including high-speed interfaces and low-speed interfaces. The components are connected to each other by different buses and can be mounted on a common motherboard or in other ways as needed. The processor can process instructions executed within the computer device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output device (such as a display device coupled to an interface). In some optional implementations, multiple processors and/or multiple buses may be used together with multiple memories if needed. Likewise, multiple computer devices may be connected, with each device providing part of the necessary operations (for example, as a server array, a group of blade servers, or a multi-processor system). Figure 4 takes one processor 10 as an example.

The processor 10 may be a central processing unit, a network processor, or a combination of the two. The processor 10 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit, a programmable logic device, or a combination of the two. The programmable logic device may be a complex programmable logic device, a field-programmable gate array, generic array logic, or any combination of these.

The memory 20 stores instructions executable by at least one processor 10, so that the at least one processor 10 performs the method shown in the above embodiments.

The memory 20 may include a program storage area and a data storage area. The program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created through use of the computer device, and so on. In addition, the memory 20 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some optional implementations, the memory 20 may optionally include memory located remotely from the processor 10, and such remote memory may be connected to the computer device through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations of these.

The memory 20 may include volatile memory, for example random access memory; it may also include non-volatile memory, for example flash memory, a hard disk or a solid-state drive; the memory 20 may also include a combination of the above types of memory.

The computer device also includes an input device 30 and an output device 40. The processor 10, the memory 20, the input device 30 and the output device 40 may be connected by a bus or by other means; Figure 4 takes connection by a bus as an example.

The input device 30 can receive input numeric or character information and generate key signal input related to user settings and function control of the computer device, for example a touch screen. The output device 40 may include a display device and the like.

An embodiment of the invention also provides a computer-readable storage medium. The method according to the embodiments of the invention described above can be implemented in hardware or firmware, or implemented as computer code that can be recorded on a storage medium, or implemented as computer code that is downloaded over a network, was originally stored on a remote storage medium or a non-transitory machine-readable storage medium, and is to be stored on a local storage medium, so that the method described here can be processed by such software stored on a storage medium using a general-purpose computer, a special-purpose processor, or programmable or dedicated hardware. The storage medium may be a magnetic disk, an optical disc, read-only memory, random access memory, flash memory, a hard disk, a solid-state drive, or the like; further, the storage medium may also include a combination of the above types of memory. It will be understood that a computer, processor, microprocessor controller or programmable hardware includes a storage component that can store or receive software or computer code, and that when the software or computer code is accessed and executed by the computer, processor or hardware, the method shown in the above embodiments is implemented.

Although embodiments of the invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations all fall within the scope defined by the appended claims.

Claims (10)

1. A method for setting access control list permissions, characterized in that the method includes:
obtaining loaded user information, and determining whether the type of the file system to be set can be identified;
if the type of the file system to be set can be identified, obtaining the permission information of the file directory of the file system to be set according to the type;
determining, according to the permission information of the file directory of the file system to be set, whether the user represented in the loaded user information has operation permission for the file directory;
if the user has operation permission for the file directory, obtaining the user's operation command, and automatically setting the access control list permissions of the file directory of the file system to be set according to the user's operation command.

2. The method according to claim 1, characterized in that obtaining the loaded user information includes:
loading all user information, and verifying each user's identity according to the user information;
if a user's identity verification fails, deleting the corresponding user from all user information.

3. The method according to claim 1, characterized in that obtaining the permission information of the file directory of the file system to be set according to the type includes:
obtaining the corresponding permission control command set according to the type;
obtaining the permission information of the file directory of the file system to be set according to the commands in the permission control command set.

4. The method according to claim 1, characterized in that determining whether the user in the loaded user information has operation permission for the file directory includes:
obtaining the permission information of the user in the user information through a permission verification command, and parsing the permission information, the parameters of the permission verification command including the file directory;
if the parsing result is that the user can modify the file directory, determining that the user has operation permission for the file directory;
if the parsing result is that the user cannot modify the file directory, determining that the user does not have operation permission for the file directory.

5. The method according to claim 1, characterized in that, before automatically setting the access control list permissions of the file directory of the file system to be set according to the user's operation command, the method further includes:
obtaining the user's choice on whether to synchronize the subdirectory permission settings, and automatically setting the subdirectory permissions according to that choice.

6. The method according to claim 1, characterized in that, before automatically setting the access control list permissions of the file directory of the file system to be set according to the user's operation command, the method further includes:
determining whether the user has temporary permission;
if the user has temporary permission, obtaining the timestamp corresponding to the temporary permission;
automatically setting the duration of the user's temporary permission according to the timestamp.

7. The method according to any one of claims 1 to 6, characterized in that, after determining whether the type of the file system to be set can be identified, the method further includes:
if the type of the file system to be set cannot be identified, obtaining the configuration file of the file system to be set, loading the file system to be set according to the configuration file, and re-identifying the type of the file system to be set according to the configuration file.

8. An access control list permission setting device, characterized in that the device includes:
a first judgment module, used to obtain the loaded user information and determine whether the type of the file system to be set can be identified;
an acquisition module, used to obtain, if the type of the file system to be set can be identified, the permission information of the file directory of the file system to be set according to the type;
a second judgment module, used to determine, according to the permission information of the file directory of the file system to be set, whether the user represented in the loaded user information has operation permission for the file directory;
a permission setting module, used to obtain the user's operation command if the user has operation permission for the file directory, and to automatically set the access control list permissions of the file directory of the file system to be set according to the user's operation command.

9. A computer device, characterized in that it includes:
a memory and a processor communicatively connected to each other, the memory storing computer instructions, and the processor executing the computer instructions to perform the access control list permission setting method according to any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that computer instructions are stored on the computer-readable storage medium, the computer instructions being used to cause a computer to perform the access control list permission setting method according to any one of claims 1 to 7.
CN202311628191.1A | 2023-11-30 | 2023-11-30 | Access control list authority setting method, device, equipment and storage medium | Active | CN117454429B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202311628191.1A / CN117454429B (en) | 2023-11-30 | 2023-11-30 | Access control list authority setting method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202311628191.1A / CN117454429B (en) | 2023-11-30 | 2023-11-30 | Access control list authority setting method, device, equipment and storage medium

Publications (2)

Publication Number | Publication Date
CN117454429A (en) | 2024-01-26
CN117454429B (en) | 2024-07-16

Family

ID=89587629

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202311628191.1A (Active) / CN117454429B (en) | Access control list authority setting method, device, equipment and storage medium | 2023-11-30 | 2023-11-30

Country Status (1)

Country | Link
CN (1) | CN117454429B (en)


Legal Events

Code | Title | Description
PB01 | Publication | Publication
SE01 | Entry into force of request for substantive examination | Entry into force of request for substantive examination
GR01 | Patent grant | Patent grant
PP01 | Preservation of patent right | Preservation of patent right. Effective date of registration: 20250805. Granted publication date: 20240716
