Linux access authority control method based on index node

An access-rights technique based on index nodes, applied in the computer field, that solves the problem of cumbersome configuration and achieves convenient deployment and implementation.

Inactive Publication Date: 2018-11-06
杭州龙境科技有限公司

AI Technical Summary

Problems solved by technology

This method strictly restricts every access to the system, which is mainly implemented through the LSM framework of Linux. However, whether it is SELinux, Ap


Example Embodiment

[0022] The present invention will be further described below in conjunction with the drawings and specific embodiments:

[0023] As shown in Figures 1 to 2, the Linux access authority control method based on index nodes of the present invention includes the following steps:

[0024] S1. Modify the kernel source code and add system calls. After the system call interface is initialized, a correspondence table of index nodes and process numbers is established in the kernel space; the correspondence table is loaded either through system calls or by loading read-only devices.

[0025] S2. Modify the kernel source code and, according to the correspondence table described in step S1, add access permission control judgments to the file-system system calls. The file-system system calls to be modified can be chosen according to the actual usage scenario; they include, but are not limited to, open, and can also be read, write, etc.

[0026] The above-mentioned access authority control judgment proc...
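A user-space model of steps S1 and S2, given as an added example; it is not code from the patent and not kernel code. The judgment procedure in [0026] is cut off on this page, so the rule used here is an assumption: an inode listed in the table may be accessed only by the PIDs registered for it, whatever the caller's uid, and an unlisted inode is left to the normal DAC checks. The names `table_add` and `inode_access_check` and all inode and PID values are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#define TABLE_MAX 64

/* One row of the correspondence table: inode number -> permitted PID.
 * Inode numbers are unique only per filesystem; one filesystem is assumed. */
struct ino_pid { ino_t ino; pid_t pid; };
static struct ino_pid table[TABLE_MAX];
static size_t table_len;

/* S1: load one row (stands in for the added system call; hypothetical name). */
int table_add(ino_t ino, pid_t pid)
{
    if (table_len == TABLE_MAX)
        return -ENOSPC;
    table[table_len++] = (struct ino_pid){ ino, pid };
    return 0;
}

/* S2: judgment called from open/read/write. The caller's uid is never
 * consulted, so a root process is refused like any other unlisted PID.
 * Assumed rule: listed inode -> only its registered PIDs pass;
 * unlisted inode -> 0, leaving the decision to the usual DAC checks. */
int inode_access_check(ino_t ino, pid_t caller)
{
    int listed = 0;
    for (size_t i = 0; i < table_len; i++) {
        if (table[i].ino != ino)
            continue;
        if (table[i].pid == caller)
            return 0;
        listed = 1;
    }
    return listed ? -EACCES : 0;
}

int main(void)
{
    /* Constructed values: inode 1001 is protected and owned by PID 4242. */
    table_add(1001, 4242);
    printf("pid 4242 -> inode 1001: %d\n", inode_access_check(1001, 4242));
    printf("pid 1    -> inode 1001: %d\n", inode_access_check(1001, 1));
    printf("pid 1    -> inode 2002: %d\n", inode_access_check(2002, 1));
    return 0;
}
```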


Abstract

The invention relates to the technical field of computers, and in particular to a Linux access authority control method based on an index node. The method mainly comprises the following steps: S1, modifying the kernel source code, adding a system call, and establishing a correspondence table of process numbers and index nodes in kernel space; S2, modifying the kernel source code according to the correspondence table established in step S1, and adding an access authority control judgment to the file-system system calls; S3, the kernel executing the access authority control judgment of step S2 for users accessing the kernel space. Compared with the conventional DAC scheme, the method has the advantage of protecting certain important files according to PID even when the accessing user has root authority. Compared with a MAC scheme, the method is lightweight, convenient to deploy and implement, does not require access rules to be set for each operation, and allows rules to be set and modified as needed.

Description

Technical field

[0001] The invention relates to the computer field, in particular to an index node-based Linux access authority control method.

Background technique

[0002] The traditional Linux access control method is DAC (Discretionary Access Control, autonomous access control). This framework is simple to configure and use, but has obvious shortcomings. The root user has unlimited power. Once an intruder obtains root privilege, it is equivalent to controlling the entire system, which is not conducive to system security.

[0003] The newer Linux access control method adopts MAC (Mandatory Access Control). This method strictly restricts every access to the system, and is mainly implemented through the LSM framework of Linux. However, whether it is SELinux, AppArmor, Smack or TOMOYO Linux, it is cumbersome to configure and use, and requires a certain amount of work, because a permission relationship must be set for each operation. The present invention see...


Application Information

IPC(8): G06F21/60, G06F21/62
CPC: G06F21/604, G06F21/6218
Inventor: 王承志, 周东升
Owner: 杭州龙境科技有限公司