C++ solution to locking a directory - Linux

A simple question. Is it possible to lock a directory under Linux? Actually what I need is that only one application (which I wrote) has access to a specified directory which is created by this application. So basically it is a cache directory for that app, and so far users have been messing with it. So I wish to prevent this in future.

Is it possible to do this? And how (language: C++)?

Not possible in standard C++ at all.

Under Linux, use setuid permissions on the executable, so it runs in the context of its owner. Then you can lock down access permissions for the directory, so it is only accessible to the owner of the executable.

Of course, this doesn't stop users using your program from messing with your cache. You need to design your program so it prevents inappropriate actions by users. And make sure the owner account (which can be set up specifically for your application) does not have more privileges than it needs.

If you trust people who have "root" permission on the system(s) that this is installed on, you can rely on having a special user or group, and use setuid and/or setgid to prevent others from tampering with the file. This does, however, mean that the installer of the software will need to have root permission, so "any" user can't install the software, which in some circumstances may not be a good solution.

The better solution is really to either have a hash of the file stored in the file [plus some constant data or some such, so that the user can't just run sha1 modified-file and get the "right hash"], or encrypt the whole file.

The problem with BOTH of these methods is that you still can't rely on it 100% - someone with enough motivation and resources will figure out what the constant data is, and just calculate that as a new hash after modifying the data in your file. And similarly, assuming your application knows how to decrypt the file, the application can be reverse engineered to find the encryption key and encryption method.

So you are fighting a "code war" (pun on cold war) against your "users".

There are commercial solutions available for license management (the one I have been a user of is FlexLM, but there are several others too). This is a little more work, and will probably cost a little bit in license fees, but you will save yourself a whole heap of potential headache if you use a commercial product.
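As an added example (not code from either answer), this is one way a program running under the dedicated setuid account described above could create its cache directory with owner-only permissions and refuse to use it if the ownership or mode has been changed. The helper name `open_private_cache_dir` and the path in `main` are hypothetical.

```cpp
#include <cerrno>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

// Hypothetical helper (not from the answers): create the cache directory
// if needed and return an open descriptor to it, or -1 if it cannot be
// trusted as private to the account the process runs as.
int open_private_cache_dir(const char* path) {
    // 0700: only the owning account may list, enter or modify it.
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;

    // O_NOFOLLOW rejects a symlink planted at the path; O_DIRECTORY
    // rejects anything that is not a directory.
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    // Check the object that was actually opened, not the path, so it
    // cannot be swapped between the check and later use.
    struct stat st;
    if (fstat(fd, &st) != 0 ||
        st.st_uid != geteuid() ||      // must be owned by the effective (setuid) account
        (st.st_mode & 0077) != 0) {    // no group/other permission bits
        close(fd);
        return -1;
    }
    return fd;  // open cache entries relative to it with openat(fd, ...)
}

int main() {
    // Constructed sample path, for illustration only.
    int fd = open_private_cache_dir("/tmp/example-app-cache");
    if (fd < 0)
        return 1;
    close(fd);
    return 0;
}
```

As both answers point out, this only keeps other local accounts out; root, and anyone driving the program itself, can still reach the cache.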

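Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.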

 