CN1504906A - Virtual file system - Google Patents
Virtual file system Download PDFInfo
- Publication number
- CN1504906A CN1504906A CNA021509107A CN02150910A CN1504906A CN 1504906 A CN1504906 A CN 1504906A CN A021509107 A CNA021509107 A CN A021509107A CN 02150910 A CN02150910 A CN 02150910A CN 1504906 A CN1504906 A CN 1504906A
- Authority
- CN
- China
- Prior art keywords
- file
- disk
- virtual file
- virtual
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a virtual file system in disk-free network, making file operation to intercept operating system, and after obtaining the operating type, justifying if the operation modifies the file which needs to be protected: if does, then build corresponding file in user disk and make corresponding operation on the file; if does not, then directly operate actual file. It can effectively protect system disk form being destroyed and prevent share collision and interference between users on multiuser condition.
Description
Technical field
The present invention relates to not have the flaking network, refer in particular to the Virtual File System that is used for this network.
Background technology
In no flaking network, because the normal operation of the webserver is all depended in the normal startup of workstation and operation, therefore guarantee the safety of server system dish, just seem most important for the normal operation that guarantees whole no flaking network.In order to prevent that workstation user from having a mind to or by mistake destroy file system on the system disk, the method that adopts is usually: at first the shared attribute of system disk place catalogue is set to " control fully " on the server; Security attributes requires to be set to " read-only " or " control fully " respectively by the keeper according to the difference of different software then.Because a lot of softwares all can be to the system disk written document, said method has just brought a series of problems: the file directory that is set to " control fully " has no security and can say; Can in system directory, produce a lot of temporary files after application software is repeatedly moved, safeguard difficulty; The keeper is very complicated loaded down with trivial details to the management of file permission; Authority is open inappropriate, causes software normally to move.
Simultaneously, the problem that in no flaking network, also has " sharing conflict ".So-called " sharing conflict " is exactly a plurality of workstation users when simultaneously a file being carried out write operation, and wherein a workstation can be reported and make mistakes, because can only have a user to write this file simultaneously.For disk workstation is arranged, every workstation all has system disk and the storage space of oneself, and most of file of read-write all is independently, does not have the problem of " sharing conflict ".But for no flaking network, all workstations all use same station server, the system disk at all working station all shines upon from the same catalogue of same station server, therefore " share conflict " problem is just outstanding especially, especially when most of user is using same application program, will be more serious, gently then cause some user applications normally not move, heavy then cause the collapse of total system.
In addition, a weakness that exists in traditional no flaking network is exactly a lot of application software data file can't be personalized.For example in the non-disk workstation, use in Outlook or the Foxmail, as long as on a workstation, set up a mailbox, also can see the letter in this mailbox on other workstations, on the desktop of a workstation, add an icon, all can have more this icon on all workstations, or the like problem.Only be that each user installs a cover software separately in User Catalog, and this is often unrealistic.
More than these all are the problems of extremely thorny and contradiction during no flaking network is used.
Summary of the invention
Above defective at prior art; fundamental purpose of the present invention is to provide a kind of Virtual File System that is used to not have the flaking network; thereby protected safely and effectively for the system disk file in the no flaking network, solved the problem of multi-user's file-sharing conflict simultaneously.
Another object of the present invention is by above-mentioned Virtual File System, for a plurality of workstation users provide personalization files function is set, and has solved the problem that a plurality of users are provided with the phase mutual interference.
Described Virtual File System is characterised in that and comprises:
1, the Virtual File System driver file of packing into during os starting.
2, when operating system relates to file operation, before carrying out the actual file operation, intercept these operations, carry out the Virtual File System treatment scheme.
3, the file operation mode is judged: whether this operation is operated the system disk file.
If 4 these operations are not the operations that system disk is carried out, then directly carry out the actual file operation.
If 5 these operations are operations that system disk is carried out, then obtain filename to be operated, whether search this document name is registered.
If 6 filenames are registered, then carry out the actual file operation for the file of the same name under the user disk respective paths.
If 7 filenames are unregistered, judge then whether this operation is the file modification operation.
If 8 these operations are file modification operations, then register this file, carry out the actual file operation for the file of the same name under the user disk respective paths simultaneously.
If 9 these operations are not the file modification operations, then directly carry out the actual file operation.
Described Virtual File System also comprises personalization files and the directory listing that reads in user's setting, simultaneously personalization files and catalogue is registered.
Described Virtual File System also comprises and is set at the file attribute in the system disk read-only.
Described Virtual File System also comprises the registration of adopting database to finish Virtual File System.
Described operating system is windows operating system.
Adopt Virtual File System of the present invention; owing to before user's operation file, all can be intercepted and captured by this defence program; thereby when the user makes amendment operation for the system disk file; Virtual File System can be set up the backup file of corresponding document in user disk; and actual retouching operation carries out on this backup file; for the file on the system disk without any influence, thereby can in the non-disk workstation, effectively realize safety protection function.Simultaneously when a plurality of users occur sharing the situation of conflict, because each user has the difference backup at the system disk file of oneself, it is converted to different file modifying operations by Virtual File System in fact for same file modifying operation, therefore can avoid the generation of program error situation, thus the stable normal operation of assurance program.
Simultaneously, adopt Virtual File System of the present invention, owing to can read personalization files and the directory listing that was provided with when last time, each user used during system start-up, and its personalization files and directory listing registered in system, can realize that like this each user individual is provided with function, be convenient to hobby and the custom various settings of carrying out workstation of each user, avoided the phase mutual interference between a plurality of users, guarantee that each workstation user is convenient to use according to oneself.
Description of drawings
Fig. 1 is Virtual File System realization flow figure.
Fig. 2 is a Windows operating system file Share Permissions arrangement plan.
Embodiment
As a kind of preferred implementation of the present invention; super protection is set about from the operating system bottom; utilize the file system driver technology; by driver is that system disk is set up a virtual file system; the shared attribute of system disk catalogue is set to " read-only " simultaneously, and system disk is blocked fully.
Virtual File System makes the application program on the non-disk workstation can free read-write system dish, even can arbitrarily rewrite the sensitive document that is enough to make network paralysis, but in fact these modifications all are virtual, and the file on the server does not have any variation, can not receive any destruction yet.Shared attribute is set to " read-only " then following advantage:
1, system disk is farthest protected, the user on the workstation does not have possibility to remove to destroy file on the system disk at all.
2, virus can't be invaded, even workstation has infected virus when online, also can not infect the system file on the server, and just infect virtual file, as long as restart machine, virus will disappear automatically.
3, owing to adopt totally enclosed mode, a large amount of temporary files that application program produces can the writing system catalogue, that is to say no matter the file in the system directory is that size or quantity can change never.Only in this way, could real reaching " zero dimension is protected ".
4, the system manager does not again need to confirm one by one the catalogue and the file of the required opening of application program.
In no flaking network system, can realize the shared attribute of system disk catalogue all is made as " read-only " like this, reach the purpose of the normal operation that guarantees software simultaneously again.
As another preferred embodiment of the present invention, utilize the implementation method of Virtual File System, can set up the virtual file of a cover system dish file for each user, revise a file simultaneously for a plurality of users and produce " sharing conflict " problem, because in fact operation is different virtual files, thereby fundamentally solved this problem, made various softwares and application program on no flaking network, normally to move, enlarged the scope of application and the availability of no flaking network.
As another preferred embodiment of the present invention, adopt the implementation method of Virtual File System, can overlap independently personalization files for each user sets up one, as mailbox and the mail, the desktop of oneself, the recreation deposit record or the like of oneself of oneself, and the situation of mutual interference mutually with other users can not take place.
Foxmail is an example with client mail management software, because the mailbox of Foxmail and mail data are to be placed under the installation directory of Foxmail, therefore as long as in Virtual File System, set up each user's the mailbox and the virtual file of mail, after this, the user just can be provided with the mailbox of oneself in the non-disk workstation, everyone can have oneself mailbox and mail, can not disturb each other, even restart machine, each user's mail and various configuration information can not lost yet.
Be example with " space craft " recreation again, for each user sets up the virtual file of a cover deposit log file in Virtual File System, the user on every workstation has oneself independently recreation deposit record and can not mixing with other users' recreation progress like this.
Also have some softwares that log-on message and configuration information are write in the file in addition, if log-on message or configuration information on the different workstations are identical, can cause software to move, " filtering the king " as network filtering software is exactly to adopt this mode to come configuration software, so can't use " filtering the king " software on traditional no flaking network, and used the implementation method of Virtual File System, as long as set up the virtual file of this software configuration file of each user, just can allow each user can both normally use this software.
The scope of protection of the invention not only is confined to above embodiment scope of disclosure; comprise also that simultaneously a plurality of users in the diverse network need the requirement of long period retention data file; as the configuration information of software, user's application data, deposit record of recreation or the like situation.
Claims (6)
1, a kind of Virtual File System, described system is characterised in that and comprises:
A) the Virtual File System driver file of packing into during os starting;
B) when operating system relates to file operation, before carrying out the actual file operation, intercept these operations, carry out the Virtual File System treatment scheme;
C) the file operation mode is judged: whether this operation is operated the system disk file;
D), then directly carry out the actual file operation if this operation is not the operation that system disk is carried out;
E) if this operation is the operation that system disk is carried out, then obtain filename to be operated, whether search this document name is registered;
F) if filename is registered, then carry out the actual file operation for the file of the same name under the user disk respective paths;
G), judge then whether this operation is the file modification operation if filename is unregistered;
H) if this operation is the file modification operation, then register this file, carry out the actual file operation for the file of the same name under the user disk respective paths simultaneously;
I) if this operation is not the file modification operation, then directly carry out the actual file operation.
2, Virtual File System as claimed in claim 1 is characterized in that also comprising and reads in personalization files and the directory listing that the user is provided with, and simultaneously personalization files and catalogue is registered.
3, Virtual File System as claimed in claim 1 is characterized in that also comprising being set at the file attribute in the system disk read-only.
4,, it is characterized in that also comprising the registration of adopting database to finish Virtual File System as claim 1,2 or 3 described Virtual File Systems.
5,, it is characterized in that described operating system is windows operating system as claim 1,2 or 3 described Virtual File Systems.
6, Virtual File System as claimed in claim 4 is characterized in that described operating system is windows operating system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA021509107A CN1504906A (en) | 2002-11-28 | 2002-11-28 | Virtual file system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA021509107A CN1504906A (en) | 2002-11-28 | 2002-11-28 | Virtual file system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1504906A true CN1504906A (en) | 2004-06-16 |
Family
ID=34234155
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA021509107A Pending CN1504906A (en) | 2002-11-28 | 2002-11-28 | Virtual file system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1504906A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006058472A1 (en) * | 2004-12-02 | 2006-06-08 | Lenovo (Beijing) Limited | Method for establishing a trusted running environment in the computer |
| CN100462990C (en) * | 2005-12-12 | 2009-02-18 | 北京瑞星国际软件有限公司 | Method and device for monitoring suspicious file start |
| CN101414327B (en) * | 2007-10-15 | 2012-09-12 | 北京瑞星信息技术有限公司 | Method for file protection |
| CN107479922A (en) * | 2017-08-04 | 2017-12-15 | 深圳市中兴物联科技有限公司 | A kind of flash data management method, device and computer-readable recording medium |
| CN110325964A (en) * | 2017-04-04 | 2019-10-11 | 甲骨文国际公司 | Virtual configuration system and method |
-
2002
- 2002-11-28 CN CNA021509107A patent/CN1504906A/en active Pending
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006058472A1 (en) * | 2004-12-02 | 2006-06-08 | Lenovo (Beijing) Limited | Method for establishing a trusted running environment in the computer |
| GB2436046A (en) * | 2004-12-02 | 2007-09-12 | Lenovo | Method for establishing a trusted running environment in the computer |
| GB2436046B (en) * | 2004-12-02 | 2009-07-15 | Lenovo | Method for establishing a trusted running environment in the computer |
| CN100462990C (en) * | 2005-12-12 | 2009-02-18 | 北京瑞星国际软件有限公司 | Method and device for monitoring suspicious file start |
| CN101414327B (en) * | 2007-10-15 | 2012-09-12 | 北京瑞星信息技术有限公司 | Method for file protection |
| CN110325964A (en) * | 2017-04-04 | 2019-10-11 | 甲骨文国际公司 | Virtual configuration system and method |
| CN110325964B (en) * | 2017-04-04 | 2023-08-22 | 甲骨文国际公司 | Virtual configuration system and method |
| CN107479922A (en) * | 2017-08-04 | 2017-12-15 | 深圳市中兴物联科技有限公司 | A kind of flash data management method, device and computer-readable recording medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7962950B2 (en) | System and method for file system mandatory access control | |
| US7444671B2 (en) | Protected execution environments within a computer system | |
| US5701458A (en) | System and method for managing arbitrary subsets of access control lists in a computer network | |
| EP0834132B1 (en) | Security for computer system resources | |
| CN110647754A (en) | File system view separation for data confidentiality and integrity | |
| CA2465880C (en) | Operating system abstraction and protection layer | |
| US8078740B2 (en) | Running internet applications with low rights | |
| EP0547759B1 (en) | Non supervisor-mode cross-address space dynamic linking | |
| RU2430413C2 (en) | Managing user access to objects | |
| US6658571B1 (en) | Security framework for dynamically wrapping software applications executing in a computing system | |
| US8078649B2 (en) | Method and system for centrally deploying and managing virtual software applications | |
| US8312459B2 (en) | Use of rules engine to build namespaces | |
| US6718386B1 (en) | Methods, system, and article for displaying privilege state data | |
| US20040215650A1 (en) | Interfaces and methods for group policy management | |
| US20070022091A1 (en) | Access based file system directory enumeration | |
| WO2002084533A1 (en) | Method and service for storing records containing executable objects | |
| US8640215B2 (en) | Secure isolation of application pools | |
| US7093125B2 (en) | Rote based tool delegation | |
| CN1504906A (en) | Virtual file system | |
| US7552328B2 (en) | Security attributes of nodes in trusted computing systems | |
| CN113505099A (en) | File hiding method, device, equipment and storage medium of Windows system | |
| Stanek et al. | InsideOUT | |
| Hassell | Exploring Windows Server 2003 | |
| Bettany et al. | Windows File System Troubleshooting | |
| Howard | Secure Internet Information Services 5.0 Checklist |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |