File Locking in Linux

First question:

Can users lock files in Linux/Unix from reading or writing?

Second question:

Can users burn locked files onto any optical medium? Afterwards, will it correspond with any operating system?

Third question:

If a file is locked for reading or writing and is burned onto any optical medium, can the user try to rip it? If so, afterwards, can any operating system kernel create an error message that denies any user except for the root user from performing that task?

If the file is prevented from reading, then users cannot copy, open, or read it. If the file is prevented from writing, then users can move it within the desktop, but it may not be burned to any optical medium.

And one more thing: there is no such thing as cp permissions. I just found that out earlier.

Since I am knowledgeable in C/C++ programming, I may well create a library in C/C++ if any operating system kernel does not support what I am trying to say. Afterwards, if it's possible, make it a library file and include it in the C/C++ library.

In order to perform that task I would have to declare all variables as static data types, so that they can be retained whenever the operating system kernels respond to them.

Would that be an idea?

Another idea is to implement the noncopyable library, which is only compatible with the Embarcadero C/C++ compiler, which is not freeware or shareware. Users would have to purchase it from their website online.

I may be mistaken, since that topic relates to C/C++ version 11. Maybe Microsoft updated its Visual Studio for 2013 and will continue to do so in later years.

JohnDB

The answer to your overall question here is "no". You can get POSIX permissions on optical media, but effective data security pretty much goes out the window as soon as you start distributing removable media.

There are two major filesystems used for optical media:

  • ISO 9660, the old CD format.

    The original version of this format didn't support permissions at all. Access control was up to the kernel, which decided en masse which single permission set to assign to all files on the disc.

    The Rock Ridge extensions added a POSIX-compatible permission scheme, but this is full of problems:

    1. You can give the norock mount option in Linux to make it ignore the permissions.

      Keep in mind that this is a removable optical medium. If you're sending the disc out to people you don't have any control over, or the disc drive is physically accessible to the end user, they'll be able to defeat your permission scheme.

    2. Permissions are based on user and group IDs, not names, so you're going to have the old problems of synchronizing user and group tables if you want users and groups on the target system to have some access.

      About the only thing you can count on across systems that aren't managed under a single administrator or organization is that a file marked as owned by user ID 0 and group ID 0 will be read-only to root if it's set to mode 440 or 400.

    3. Non-Linux OSes will interpret the permissions differently.

      In my testing of this last year, Windows ignores optical disc permissions entirely.

      OS X also ignores optical disc permissions by default when you simply insert the disc in the computer and let it auto-mount. I imagine you could make the OS obey permissions by manually mounting the disc, but that's really no security at all.

      This plays into problem #1 above, because it means defeating your permissions scheme is as simple as putting the disc in a Mac or Windows box.

    4. You asked about disc ripping, at which point all permissions go out the window, regardless of OS. The presumption with ripping is that you have complete read access to the disc, which means you have complete access to the data. You can do whatever you want with the data from that point on.

  • UDF, the effective replacement for ISO 9660 for CD-RW, DVD, and BluRay media.

    UDF has POSIX file permissions from the start, so in that sense it is like ISO 9660 with the Rock Ridge extensions. Unfortunately, the Linux implementation is no more secure, since you can mount the disc with uid=ignore,gid=ignore and it will behave just like norock with an ISO 9660 disc.

    Everything else above applies just as well to UDF.

The bottom line is that you're trying to disregard a key principle of data security: physical access is complete access. An unavoidable prerequisite for keeping people out of a system is to restrict their physical access to it. That means you have to make them come to you for the files, not ship them discs and hope their OS kernel does what you want with the 1's and 0's on that disc.
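Added example, not part of JohnDB's answer: a small Python model of the access decision described above, showing why the uid/gid/mode recorded on a disc only holds while the mount honours that metadata. The `honour_metadata` and `mount_*` parameters and the sample entries are assumptions made for the demonstration, not claims about the kernel's built-in defaults.

```python
# Constructed model of a Linux iso9660/udf mount (added example, not from the
# original answer). With Rock Ridge / native UDF metadata honoured, each file's
# own uid/gid/mode is checked; with norock (ISO 9660) or uid=ignore,gid=ignore
# (UDF) the kernel instead assigns ONE owner and mode to every file. The values
# used for that "ignore" case are parameters here, not kernel defaults.

R, W, X = 4, 2, 1

def posix_access(mode, uid, gid, req_uid, req_gids, want):
    """Classic POSIX DAC decision for one bit (R, W or X) of access."""
    if req_uid == 0:                       # root bypasses read/write checks
        return want != X or bool(mode & 0o111)
    if req_uid == uid:
        cls = (mode >> 6) & 7              # owner bits
    elif gid in req_gids:
        cls = (mode >> 3) & 7              # group bits
    else:
        cls = mode & 7                     # other bits
    return bool(cls & want)

def disc_access(entry, req_uid, req_gids, want, honour_metadata=True,
                mount_uid=0, mount_gid=0, mount_mode=0o444):
    """Access to a disc entry as seen through a Linux mount.

    entry: dict with the uid/gid/mode the burner recorded (Rock Ridge or UDF).
    honour_metadata=False models norock / uid=ignore,gid=ignore: every file
    then appears owned by mount_uid:mount_gid with mount_mode (assumed values),
    regardless of what the burner wrote.
    """
    if honour_metadata:
        return posix_access(entry["mode"], entry["uid"], entry["gid"],
                            req_uid, req_gids, want)
    return posix_access(mount_mode, mount_uid, mount_gid,
                        req_uid, req_gids, want)

# Constructed sample: the one case the answer says you can count on across
# systems, a file owned by 0:0 with mode 400, readable only by root.
ROOT_ONLY = {"uid": 0, "gid": 0, "mode": 0o400}
# Constructed sample: a file made readable for the burner's group (gid 1000),
# which means nothing on a machine where gid 1000 belongs to someone else.
GROUP_FILE = {"uid": 1000, "gid": 1000, "mode": 0o440}

if __name__ == "__main__":
    print(disc_access(ROOT_ONLY, 1000, {1000}, R))                         # False
    print(disc_access(ROOT_ONLY, 0, {0}, R))                               # True
    print(disc_access(ROOT_ONLY, 1000, {1000}, R, honour_metadata=False))  # True
    print(disc_access(GROUP_FILE, 1001, {1001, 1000}, R))                  # True
    print(disc_access(GROUP_FILE, 1001, {1001}, R))                        # False
```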

You can lock the file from any user using it by running:

sudo chmod 000 <file>

This means that the owner, the group and others can't read, write or execute the file. Note that root can always set the file permissions back to something else, so the file is not locked forever after running that command.

Typically you will not be able to burn the file, as you can't read from it, and even if you could, it would not properly keep its file permissions after being written to a CD, as that file system (CDFS) does not support them.

You can learn more about file permissions here.

If you have the vim package, you can encrypt the file with

:set key=your_key

so that the next time you open the file it will ask for the key.

Short version:

1) Yes

2) No

3) See question 2's long answer.

Longer version:

Of course. Users have ownership of files. These can be modified, of course. Files have three different permission "types": read, write and execute. Each file has these attributes either set or unset for three different groups: user, group, and everyone.

This modification is done using the chmod command, usually followed by a string of characters, or a 3-digit octal value (0xxx).

I'd suggest looking into the chmod command in the man pages, as they cover how to use it pretty effectively.

As for the second question, no. Unfortunately optical media uses a file format that is effectively a data dump on a disc. The file system supports permissions; they are not an actual attribute of the file itself. As a result of this, the optical disc is just a solid copy of the data, nothing special with permissions. That means, whenever the disc is used on ANY system, the permissions are always completely open.

Edit: Just to clarify: you cannot burn a file to a disc when you do not have read permission to the file. Sorry if that caused any confusion.
