CN112149110A - System operation request response method, system and related device - Google Patents


Info

Publication number: CN112149110A
Authority: CN (China)
Prior art keywords: user, account, operation request, administrator, responding
Legal status: Withdrawn
Application number: CN202011042093.6A
Other languages: Chinese (zh)
Inventors: 杨燕, 范渊
Current Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Application filed by: Hangzhou Dbappsecurity Technology Co Ltd
Priority to: CN202011042093.6A
Publication of: CN112149110A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a method for responding to a system operation request, comprising: receiving an operation request sent by a user account; judging whether the user account has the user authority for the operation request; and if not, responding to the operation request after switching to the administrator account by using the sudo instruction. With this method, the user account can execute operations beyond its own account authority through the administrator account without switching to the root user, which avoids the system damage that switching to the root user can cause. Meanwhile, the operation authority of the user account is unchanged and the user account cannot directly touch the system commands called by the terminal, so user authority can be strictly controlled and system security is improved. The application also provides a system for responding to a system operation request, a computer-readable storage medium and a server, which have the same beneficial effects.

Description

System operation request response method, system and related device
Technical Field
The present application relates to the field of operating systems, and in particular, to a method, a system, and a related device for responding to a system operation request.
Background
In the Linux operating system, the root user has the highest authority and is also called the owner of super authority. Operations that an ordinary user cannot perform can all be performed by the root user, so it is also called the super administrative user. Because the privilege is so high, a huge loss may be caused if root privilege is given to non-technical personnel.
Daily work requires some auxiliary analysis and processing in Linux, but root authority cannot be used because of system permission concerns. If the root account is used directly and an operation is performed improperly, the system may hang in mild cases and may fail to boot in serious ones. Therefore, how to respond, within permissions, to an operation request from a user account is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a response method, a response system, a computer readable storage medium and a server for system operation requests, and harm to the system is reduced by replacing root users with administrator permission to execute operations.
In order to solve the above technical problem, the present application provides a method for responding to a system operation request, which has the following specific technical solutions:
receiving an operation request sent by a user account;
judging whether the user account has the user authority of the operation request;
and if not, responding to the operation request after switching to the administrator account by using the sudo instruction.
Optionally, the method further includes:
and creating the administrator account, and configuring the user permissions of all the users except the root user for the administrator account.
Optionally, after switching to an administrator account by using the sudo instruction and responding to the operation request, the method further includes:
and recording the request response record executed by the sudo instruction.
Optionally, creating the administrator account, and configuring user permissions of all users except the root user for the administrator account includes:
creating an administrator account file for the administrator user under a folder of a root user;
creating an operation authority script under the administrator account file;
and the operation permission script is used for executing permission operations corresponding to the user permissions of all the users except the root user.
Optionally, the permission operation includes one or a combination of any several of local network information configuration, user account security setting, local time setting, local network testing, factory setting, and local device identity configuration.
Optionally, after switching to an administrator account by using the sudo instruction and responding to the operation request, the method further includes:
and exiting the administrator user and switching to the user account.
The present application further provides a system for responding to a system operation request, including:
the receiving module is used for receiving an operation request sent by a user account;
the judging module is used for judging whether the user account has the user authority of the operation request;
and the response module is used for responding to the operation request after switching to the administrator account by using the sudo instruction when the judgment result of the judgment module is negative.
Optionally, the method further includes:
and the administrator account creating module is used for creating the administrator account and configuring the user permissions of all the users except the root user for the administrator account.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The present application further provides a server comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method described above when calling the computer program in the memory.
The application provides a method for responding to a system operation request, comprising: receiving an operation request sent by a user account; judging whether the user account has the user authority for the operation request; and if not, responding to the operation request after switching to the administrator account by using the sudo instruction.
When an operation request from a user account is received, the method first judges whether the user account has the corresponding user permission, and an operation request exceeding the user permission is executed after switching to an administrator account by using the sudo instruction. The user account can therefore execute operations beyond its own account permission through the administrator account without switching to the root user, which avoids the system harm that switching to the root user can cause. Meanwhile, the operation authority of the user account is unchanged and the user account cannot directly touch the system commands called by the terminal, so user authority can be strictly controlled and system security is improved.
The application also provides a system for responding to the system operation request, a computer-readable storage medium and a server, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for responding to a system operation request according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a system for responding to a system operation request according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a method for responding to a system operation request according to an embodiment of the present application, where the method includes:
S101: receiving an operation request sent by a user account;
This embodiment takes the operating system as the implementation subject of the whole scheme, so the operating system first needs to receive an operation request. The operation request may be issued by any one of the user accounts allowed by the operating system. It should be noted that this step does not limit the specific type or content of the operation request: it may be an operation request corresponding to a right the user account itself owns, or one corresponding to a right the user account does not possess.
S102: judging whether the user account has the user authority of the operation request; if not, the step S103 is entered;
This step determines whether the user account has the user authority of the operation request. Each user account in the operating system has a corresponding user right, which may be allocated by the operating system when the user registers with it, or may be configured for the user account through root authority. Since any user account has limited user rights, it is necessary to check whether the operation request issued by the user account is within the user rights it owns. In the prior art, once the user authority does not contain the operation request, the native operating system denies it. Each user usually has only one or a few user accounts, and the user permissions of different user accounts are different, so in the prior art the user can only switch to the root user to execute the operation request.
S103: responding to the operation request after switching to the administrator account by using the sudo instruction.
Once step S102 determines that the user account does not have the user authority of the operation request, this step switches to the administrator account by using the sudo instruction and responds to the operation request under the administrator account, i.e., performs the corresponding operation. Responding to the operation request here does not mean a reply from the operating system to the request; it means that the operation corresponding to the operation request is executed with the rights of the administrator account.
Of course, if the user account has the user authority of the operation request, the operation corresponding to the operation request may be directly executed.
This embodiment assumes that the administrator account has already been created in the operating system before this step is executed, and does not specifically limit how the administrator account is configured. It should be noted, however, that the administrator account has the user permissions of all user accounts except the root account. That is, after the administrator account is created, it needs to be configured with the user permissions of all users except the root user. The sudo command is a permission management mechanism, and can authorize an administrator account to execute operations executed under some root permissions on some common user accounts without knowing the password of the root user.
In other words, sudo allows an authorized user to run a command as the superuser or another user. Of course, the specific executable operations may be determined by configuring the administrator account.
It should be noted that in this step the operation request is executed only by switching to the administrator account with the sudo instruction. For the operating system, the actual login user is still the user account; the user account temporarily borrows the administrator account in order to respond to the operation request. During this process the administrator account is used only to respond to the operation request issued by the user account, and operations other than that operation request cannot be executed through it. If the user account needs to execute other operations exceeding its user authority, the process of this embodiment can be executed again, which prevents the user account from borrowing the administrator account to execute illegal operations.
It can be seen from the above that, when the user account executes an operation exceeding its user authority, execution is switched to the administrator account, but the user authority of the user account does not change. The administrator account acts as a mediator that assists the user account in carrying out the operation beyond its authority. The user account does not need to switch to the root user, and the user authority required for the operation request does not need to be granted to the user account. On one hand, harm caused by improper operation as the root user is avoided; on the other hand, the operation can be carried out without changing the operation authority of the user account.
When an operation request from a user account is received, this embodiment judges whether the user account has the corresponding user authority, and an operation request exceeding the user authority is executed after switching to an administrator account by using the sudo instruction. The user account can therefore execute operations beyond its own account authority through the administrator account without switching to the root user, which avoids the system damage that switching to the root user can cause. Meanwhile, the operation authority of the user account is unchanged and the user account cannot directly touch the system commands called by the terminal, so user authority can be strictly controlled and system security is improved.
The following explains the creation process of the administrator account described in the above embodiment:
creating an administrator account and configuring the user permissions of all users except the root user for the administrator account can adopt the following steps:
Step 1: creating an administrator account file of an administrator user under a folder of a root user;
Step 2: creating an operation authority script under an administrator account file;
The operation permission script is used for executing permission operations corresponding to the user permissions of all the users except the root user. Based on the embodiment, after the operation request is switched to the administrator account, the essence of responding to the operation request under the administrator account may be to call an operation permission script in the administrator account file to respond to the operation request.
The specific content of the permission operation is not limited, and the permission operation may include one or any combination of local network information configuration, user account security setting, local time setting, local network test, factory setting and local device identity configuration. Of course, those skilled in the art may configure other authority operations for the administrator account, and shall also fall within the scope of the present application.
Based on the foregoing embodiment, as a preferred embodiment, after responding to the operation request after switching to the administrator account by using the sudo instruction, the method may further include:
exiting the administrator user and switching to the user account.
To avoid excessive use of the administrator user, the administrator user can be exited and the session switched back to the user account after the administrator account has responded to the operation request.
Based on the foregoing embodiment, as a preferred embodiment, after responding to the operation request after switching to the administrator account by using the sudo instruction, the method may further include:
recording the request response record executed by the sudo instruction.
The sudo instruction supports a plug-in architecture for security policies and can write input and output to a log. Security policy plug-ins and input/output logging plug-ins can be configured and made to work seamlessly with sudo. The user account may be required to input the password of its own account when executing the sudo command, so that the request response record can be made. The request response record includes at least the name of the requesting party, i.e. the user account, and a record of the operation performed. It may also include the operation execution time and the like.
This embodiment can be combined with the previous one: the request response record executed by the sudo instruction is recorded first, and then the administrator user is exited and the session is switched back to the user account. The complete execution process may then be as follows:
S201: receiving an operation request sent by a user account;
S202: judging whether the user account has the user authority of the operation request; if not, entering S203;
S203: responding to the operation request after switching to the administrator account by using the sudo instruction;
S204: recording a request response record executed by the sudo instruction;
S205: exiting the administrator user and switching to the user account.
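The S201 to S205 flow above, as an added example that is not code from the patent: a POSIX shell dispatcher that checks the requested operation against fixed lists, routes out-of-permission operations through sudo to a non-root administrator account, and writes a request record. The account name `opadmin`, the `operators` group, the script path, the operation names and the log path are all assumptions.

```shell
#!/bin/sh
# Added example (not from the patent). Account name, group, paths and the
# operation names are assumptions chosen for illustration.
#
# Matching sudoers policy, e.g. /etc/sudoers.d/opadmin (check: visudo -cf):
#   Cmnd_Alias OP_SCRIPT = /usr/local/libexec/opadmin/op_permission.sh
#   %operators ALL = (opadmin) OP_SCRIPT
#   Defaults!OP_SCRIPT log_output
# The rule targets opadmin rather than root and names a single script, so
# sudo refuses any other command the caller tries to run as opadmin.
# A sudoers entry without arguments permits any argument, so the script
# itself must apply the same allowlist to what it is given.

ADMIN_ACCOUNT="opadmin"
OP_SCRIPT="/usr/local/libexec/opadmin/op_permission.sh"
AUDIT_LOG="${AUDIT_LOG:-./op_dispatch_audit.log}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only plan and log, never execute

# Constructed split of the six permission operations the description lists.
USER_OPS="net-test"
ADMIN_OPS="net-config account-security time-set factory-reset device-id"

# in_list WORD "a b c": exact match against a fixed, space-separated list.
in_list() {
    for il_item in $2; do
        [ "$il_item" = "$1" ] && return 0
    done
    return 1
}

# S202: decide whether the user account may run the operation itself.
# Prints "direct" or "admin"; returns 2 for anything on neither list.
classify_request() {
    if in_list "$1" "$USER_OPS"; then
        echo direct
    elif in_list "$1" "$ADMIN_OPS"; then
        echo admin
    else
        return 2
    fi
}

# S204: one record per request: time, requesting account, operation, result.
audit() {
    printf '%s user=%s op=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" >>"$AUDIT_LOG"
}

# S201-S205 for one request. Prints the command line that was planned or run.
handle_request() {
    hr_user=$1
    hr_op=$2
    if ! hr_route=$(classify_request "$hr_op"); then
        # Log only a marker: the raw value is untrusted and may hold newlines.
        audit "$hr_user" "<not-allowlisted>" rejected
        return 2
    fi
    case $hr_route in
        direct) set -- "$OP_SCRIPT" "$hr_op" ;;
        # S203: one command as the administrator account, never a shell.
        admin)  set -- sudo -u "$ADMIN_ACCOUNT" -- "$OP_SCRIPT" "$hr_op" ;;
    esac
    if [ "$DRY_RUN" = 1 ]; then
        hr_result=planned
    else
        "$@"
        hr_result="exit=$?"
    fi
    audit "$hr_user" "$hr_op" "$hr_result"
    # S205: nothing to undo. sudo ran a single process; when it exits the
    # caller is still the original user account.
    echo "$*"
}

# Stand-alone use: ./dispatch.sh time-set
if [ "$#" -ge 1 ]; then
    handle_request "$(id -un)" "$1"
fi
```

With `DRY_RUN=1` (the default here) the dispatcher only prints and logs the planned command, which makes the routing decision easy to review before any policy is installed.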
In the following, a system for responding to a system operation request provided by the embodiment of the present application is introduced, and the response system described below and the response method for a system operation request described above may be referred to correspondingly.
Fig. 2 is a schematic structural diagram of a system for responding to a system operation request according to an embodiment of the present application, and the present application further provides a system for responding to a system operation request, which may include:
a receiving module 100, configured to receive an operation request sent by a user account;
a judging module 200, configured to judge whether the user account has the user right of the operation request;
and the response module 300 is used for responding to the operation request after switching to the administrator account by using the sudo instruction when the judgment result of the judgment module is negative.
Based on the above embodiment, as a preferred embodiment, the method may further include:
and the administrator account creating module is used for creating the administrator account and configuring the user permissions of all the users except the root user for the administrator account.
Based on the above embodiment, as a preferred embodiment, the method further includes:
and the recording module is used for recording the request response record executed by the sudo instruction.
Based on the above embodiment, as a preferred embodiment, the administrator account creation module includes:
a file creating unit configured to create an administrator account file of the administrator user under a folder of a root user;
the script creating unit is used for creating an operation authority script under the administrator account file;
and the operation permission script is used for executing permission operations corresponding to the user permissions of all the users except the root user.
Based on the above embodiment, as a preferred embodiment, the method further includes:
and the quitting module is used for quitting the administrator user and switching to the user account.
The present application further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed, the computer program can implement the steps of a method for responding to a system operation request provided by the foregoing embodiment. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application also provides a server, which may include a memory and a processor, where the memory stores a computer program, and when the processor calls the computer program in the memory, the server may implement the steps of the method for responding to a system operation request provided in the foregoing embodiment. Of course, the server may also include various network interfaces, power supplies, and the like.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for responding to a system operation request, comprising:
receiving an operation request sent by a user account;
judging whether the user account has the user authority of the operation request;
and if not, responding to the operation request after switching to the administrator account by using the sudo instruction.
2. The response method of claim 1, further comprising:
and creating the administrator account, and configuring the user permissions of all the users except the root user for the administrator account.
3. The response method according to claim 1, wherein after responding to the operation request after switching to the administrator account by using the sudo command, the method further comprises:
and recording the request response record executed by the sudo instruction.
4. The response method of claim 2, wherein creating the administrator account and configuring the administrator account with user permissions for all users except the root user comprises:
creating an administrator account file for the administrator user under a folder of a root user;
creating an operation authority script under the administrator account file;
and the operation permission script is used for executing permission operations corresponding to the user permissions of all the users except the root user.
5. The response method according to claim 4, wherein the permission operation includes one or any combination of local network information configuration, user account security setting, local time setting, local network test, factory setting and local device identity configuration.
6. The response method according to claim 1 or 3, wherein after responding to the operation request after switching to the administrator account by using the sudo command, the method further comprises:
and exiting the administrator user and switching to the user account.
7. A system for responding to a system operation request, comprising:
the receiving module is used for receiving an operation request sent by a user account;
the judging module is used for judging whether the user account has the user authority of the operation request;
and the response module is used for responding to the operation request after switching to the administrator account by using the sudo instruction when the judgment result of the judgment module is negative.
8. The response system of claim 7, further comprising:
and the administrator account creating module is used for creating the administrator account and configuring the user permissions of all the users except the root user for the administrator account.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of responding to a system operation request according to any one of claims 1 to 6.
10. A server, comprising a memory having a computer program stored therein and a processor that implements the steps of the method for responding to system operation requests according to any one of claims 1-6 when calling the computer program in the memory.
Application CN202011042093.6A, priority date 2020-09-28, filing date 2020-09-28: System operation request response method, system and related device. Status: Withdrawn. Publication: CN112149110A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011042093.6A CN112149110A (en) 2020-09-28 2020-09-28 System operation request response method, system and related device

Publications (1)

Publication Number Publication Date
CN112149110A (en) 2020-12-29

Family

ID=73895810

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20201229)