Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Linux access authority control method based on index node

A technology of access rights and index nodes, applied in the computer field, can solve cumbersome problems and achieve the effect of convenient deployment and implementation

Inactive Publication Date: 2018-11-06
杭州龙境科技有限公司
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method strictly restricts every access to the system, which is mainly implemented through the LSM framework of Linux. However, whether it is SELinux, Apparmor, Smack or TOMOYO Linux, it is cumbersome to configure and use, and requires a certain amount of work. Each operation sets the permission relationship

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Linux access authority control method based on index node
  • Linux access authority control method based on index node

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The present invention will be further described below in conjunction with accompanying drawing and specific embodiment:

[0023] Such as Figure 1~2 As shown, the index node-based Linux access authority control method of the present invention comprises the following steps:

[0024] S1. Modify the kernel source code, add a system call, and after the system call interface is initialized, establish a corresponding relationship table between the index node and the process number in the kernel space; the loading process of the corresponding relationship table is realized by system calling or loading a read-only device .

[0025] S2. Modify the kernel source code, and add access control judgment for the system call of the file system according to the corresponding relationship table described in step S1; wherein the system call of the file system can be modified according to the actual usage scenario, including but not limited to open, and can also be read, write, etc.

[...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of computers, and particularly relates to a Linux access authority control method based on an index node, wherein the method mainly comprises the followingsteps: S1, modifying a kernel source code, adding system calling, and establishing a corresponding relation table of a process number and the index node in a kernel space; S2, modifying the kernel source code according to the corresponding relation table established in the step S1, and adding access authority control judgement for system calling of a file system; S3, by a kernel, executing the access authority control judgement of the step S2 for users accessing to the kernel space. Compared with the conventional DAC scheme, the method provided by the invention has the advantage of guaranteeing some important files according to PID even having a root authority. And compared with a MAC scheme, the method provided by the invention has the advantages of being in lightweight class, being convenient to deploy and implement, having no need of setting access rules for each operation, and being capable of setting and modifying the rules as needed.

Description

technical field [0001] The invention relates to the computer field, in particular to an index node-based Linux access authority control method. Background technique [0002] The traditional Linux access control method is DAC (Discretionary Access Control, autonomous access control). This framework configuration is simple to use, but has obvious shortcomings. The root user has unlimited power. Once an intruder obtains the root privilege, it is equivalent to controlling the entire system, which is not conducive to system security. [0003] The new Linux access control method adopts MAC (Mandatory Access control, Mandatory Access Control). This method strictly restricts every access to the system, which is mainly implemented through the LSM framework of Linux. However, whether it is SELinux, Apparmor, Smack or TOMOYO Linux, it is cumbersome to configure and use, and requires a certain amount of work. Each operation sets the permission relationship. The present invention see...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/60G06F21/62
CPCG06F21/604G06F21/6218
Inventor 王承志周东升
Owner 杭州龙境科技有限公司
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com