具有受限文件读/写权限的Java启动应用程序
[英]Java launch application with restricted file read/write permissions
问题描述
At first, sorry for my bad english. 
起初,抱歉我的英语不好。 I'm from Germany. 我来自德国。 Currently i am programing an Java application that executes applications remotely. 目前,我正在编程一个Java应用程序,该程序可以远程执行应用程序。 Now i want to restrict the file access for each process that every process can only read and write files in his specific working Directory and files in directorys below but not files in directorys above. 现在,我想限制每个进程的文件访问权限,即每个进程只能读写其特定工作目录中的文件和以下目录中的文件,而不能读取上方目录中的文件。 This program should be work on windows and on linux. 该程序应可在Windows和Linux上运行。 My First idea was to create for every process an new user with the specific Access permissions but i don't know how i can do this in Java and this soulution sounds for me a little bit dirty. 我的第一个想法是为每个进程创建一个具有特定访问权限的新用户,但我不知道如何在Java中执行此操作,这对我来说听起来有点脏。
1 个解决方案
解决方案1
0 已采纳 2018-08-29 21:43:22
At that time, when I asked this question, I basically wanted to only automatically start processes and additionally isolate the processes from the rest of the system. 那时,当我问这个问题时,我基本上只想自动启动进程,并将进程与系统的其余部分隔离开来。
This Problem becomes now realy simple to solve through Docker and Kubernetes. 现在,通过Docker和Kubernetes解决这个问题非常简单。
You can run: 你可以运行:
docker run -v <Host-Directory>:<Container-Directory> -d --rm dockerimage
Through the -v <Host-Directory>:<Container-Directory> switch you can mount a specific directory to an directory in the docker container. 通过-v <Host-Directory>:<Container-Directory>开关,您可以将特定目录挂载到docker容器中的目录。 You can read more about that in the Docker Documentation: https://docs.docker.com/engine/reference/commandline/run/#mount-volume--v---read-only 您可以在Docker文档中阅读有关此内容的更多信息: https ://docs.docker.com/engine/reference/commandline/run/#mount-volume--v---只读
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.