CN107741832B - Method for isolating storage directory based on pooling - Google Patents
- Publication number
- CN107741832B
- Authority
- CN
- China
- Prior art keywords
- storage
- user
- directory
- content
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/061—Improving I/O performance
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0643—Management of files
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for isolating storage directories based on pooling. The method comprises: generating a storage directory on the physical storage, creating a storage user, and setting the storage user's permissions on the storage directory; creating a storage pool and creating storage units in the storage pool, each storage unit being mapped to a storage directory; and setting the access permissions of service-level content users on the storage pool and binding each content user to a storage user, so that the content user can access only the storage directories its permissions allow. The method achieves dual directory isolation, deeply integrates physical storage and logical storage, provides secure directory isolation for materials and files in the broadcasting and television industry, and at the same time provides fine-grained access control.
Description
Technical Field
The invention belongs to the field of file storage management and in particular relates to a method for isolating storage directories based on pooling, used for directory isolation.
Background
As the security requirements for sensitive data keep rising, and because media content in the broadcasting and television industry is data-centric and stored in a unified resource pool, directory isolation becomes increasingly important. To meet the particular requirements of the broadcasting and television industry, file directories need both physical and logical isolation when data is stored, and the access permissions of users at the business layer and the storage layer need unified control.
Existing methods perform directory isolation natively supported by the storage at the storage layer, and perform logical isolation based on coarse-grained, column-based management at the service layer. Existing methods for isolating storage directories consider either only the physical isolation of storage or only the logical isolation of the service layer; they do not combine the two well and cannot effectively isolate storage directories. Existing isolation access control for media material files in the broadcasting and television industry is coarse-grained and cannot meet the increasingly fine-grained, personalized requirements for isolated access to materials in that industry.
Disclosure of Invention
The object of the invention is to provide a method for isolating storage directories based on pooling that solves the technical problems that physical isolation and logical isolation cannot be combined when isolating storage directories, and that access control is coarse-grained.
The technical solution adopted by the invention is as follows:
A method for isolating storage directories based on pooling, comprising the following steps:
Step 1: generating a storage directory on the physical storage, creating a storage user, and setting the storage user's permissions on the storage directory;
Step 2: creating a storage pool and creating storage units in the storage pool, each storage unit being mapped to a storage directory;
Step 3: setting the access permissions of service-level content users on the storage pool, and binding each content user to a storage user, so that the content user can access only the storage directories its permissions allow.
Further, the method also comprises physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
Further, if a content user may access only the storage directory under one storage user, content users and storage users are bound one to one; if several content users share a storage directory, a shared storage user group is established, and the users that need to access the shared storage directory are added to that storage user group to achieve sharing.
In summary, owing to the above technical solution, the beneficial effects of the invention are:
1. Dual directory isolation: storage units are established per storage pool, and each storage unit corresponds to an exclusive storage directory, which achieves physical isolation of storage; setting the access permissions of content users and storage users achieves logical isolation of storage. Physical storage and logical storage are deeply integrated, providing secure directory isolation for materials and files in the broadcasting and television industry.
2. Fine-grained access control: access is isolated per person, giving strong, user-level security isolation of materials that is unified across the service level and the storage level. A content user's storage pool is private, with isolated read and write access, and reading files across users requires authorization. Meanwhile, permitted operations go directly to the storage directory without intermediate filtering or conversion, which preserves efficiency.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is the overall architecture of the present invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
The present invention will be described in detail with reference to fig. 1.
A method for isolating storage directories based on pooling, comprising the following steps:
Step 1: generating a storage directory on the physical storage, creating a storage user, and setting the storage user's permissions on the storage directory;
Step 2: creating a storage pool and creating storage units in the storage pool, each storage unit being mapped to a storage directory;
Step 3: setting the access permissions of service-level content users on the storage pool, and binding each content user to a storage user, so that the content user can access only the storage directories its permissions allow.
The method also comprises physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
If a content user may access only the storage directory under one storage user, content users and storage users are bound one to one; if several content users share a storage directory, a shared storage user group is established, and the users that need to access the shared storage directory are added to that storage user group to achieve sharing.
Detailed Description of Embodiment(s) of the Invention
A method for isolating storage directories based on pooling:
A storage directory is generated on the physical storage, a storage user is created, and the storage user's permissions on the storage directory are set.
A storage pool is created; that is, the physical storage is logically divided into several blocks, each block corresponds to one storage pool, several storage units are created in each storage pool, and each storage unit corresponds to one storage directory.
The access permissions of service-level content users on the storage pool are set, and each content user is bound to a storage user, so that the content user can access only the storage directories its permissions allow.
The specific process is as follows:
Configure the basic information of the physical storage, including the access mode, management IP, port, user name, password, storage root directory, and so on, and establish a connection to the storage.
For a private storage pool: create a storage user on the storage, set the storage user's access permissions on the private storage directory, create the corresponding storage pool and storage unit, map storage units to storage directories one to one, and set the content user's access permissions on the storage pool. The storage directory uses Linux permission mode 700, so that only that content user can access the storage directory and perform read, write, execute, delete, and other operations.
For a shared storage pool: create a storage user group and a content user group, add the content users that need to access the shared storage directory to the content user group, and bind the content user group to the storage user group (at the same time adding the storage users corresponding to the content users in the content user group to the storage user group). The storage directory uses Linux permission mode 070, so that only content users in the content user group can access the shared storage directory and perform read, write, execute, delete, and other operations.
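The private (700) and shared (070) cases above, modeled as an added Python example that is not part of the patent: it checks the service-level pool permission, resolves the content-user-to-storage-user binding, then evaluates the directory mode the way Linux does. All user, group, pool and path names are constructed for illustration.

```python
# Added illustration: a minimal model of the two-layer check described above.
# All names (StorageUnit, BINDINGS, pool ids, user names) are hypothetical.
from dataclasses import dataclass

R, W, X = 4, 2, 1  # POSIX permission bits within one class


@dataclass(frozen=True)
class StorageUnit:
    directory: str   # storage directory the unit maps to (one to one)
    owner: str       # storage user that owns the directory
    group: str       # storage user group of the directory
    mode: int        # Linux mode: 0o700 (private) or 0o070 (shared)


# Storage layer: storage users and their storage user groups (constructed data).
STORAGE_GROUPS = {"st_alice": set(), "st_bob": {"st_news"},
                  "st_carol": {"st_news"}, "st_shareadm": {"st_news"}}

# Storage pools, each holding storage units (constructed data).
POOLS = {
    "pool_alice": [StorageUnit("/store/alice", "st_alice", "st_alice", 0o700)],
    "pool_news": [StorageUnit("/store/news", "st_shareadm", "st_news", 0o070)],
}

# Service layer: pool permissions per content user, and the
# content-user -> storage-user binding from step 3.
POOL_ACL = {"pool_alice": {"alice"}, "pool_news": {"bob", "carol", "shareadm"}}
BINDINGS = {"alice": "st_alice", "bob": "st_bob",
            "carol": "st_carol", "shareadm": "st_shareadm"}


def posix_allows(unit, storage_user, want):
    """Evaluate mode bits the way Linux does: exactly one class applies."""
    if storage_user == unit.owner:
        bits = (unit.mode >> 6) & 7      # owner class, even if also in group
    elif unit.group in STORAGE_GROUPS.get(storage_user, set()):
        bits = (unit.mode >> 3) & 7      # group class
    else:
        bits = unit.mode & 7             # other class
    return bits & want == want


def can_access(content_user, pool, directory, want=R | W | X):
    """Service-level pool permission AND storage-level directory permission."""
    if content_user not in POOL_ACL.get(pool, set()):
        return False                     # logical isolation (service layer)
    storage_user = BINDINGS.get(content_user)
    if storage_user is None:
        return False                     # unbound content user: fail closed
    for unit in POOLS.get(pool, []):
        if unit.directory == directory:
            return posix_allows(unit, storage_user, want)
    return False                         # directory is not a unit of this pool
```

Under Linux semantics the owner of a 070 directory is evaluated against the owner bits only, so in this model the storage user that owns the shared directory (`st_shareadm`) is denied even though it belongs to the storage user group.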
Claims (3)
1. A method for isolating storage directories based on pooling, characterized in that the method comprises the following steps:
Step 1: generating a storage directory on the physical storage, creating a storage user, and setting the storage user's permissions on the storage directory;
Step 2: creating a storage pool and creating storage units in the storage pool, each storage unit being mapped to a storage directory;
Step 3: setting the access permissions of service-level content users on the storage pool, and binding each content user to a storage user, so that the content user can access only the storage directories its permissions allow.
2. The method for isolating storage directories based on pooling of claim 1, characterized in that the method also comprises physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
3. The method for isolating storage directories based on pooling of claim 1, characterized in that: if a content user may access only the storage directory under one storage user, the content user and the storage user are bound one to one; if several content users share a storage directory, a content sharing user group is established, and the users that need to access the shared storage directory are added to the content user group to achieve sharing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710973391.9A CN107741832B (en) | 2017-10-18 | 2017-10-18 | Method for isolating storage directory based on pooling |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107741832A | 2018-02-27 |
CN107741832B | 2021-01-08 |
Family
ID=61237730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710973391.9A Active CN107741832B (en) | 2017-10-18 | 2017-10-18 | Method for isolating storage directory based on pooling |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107741832B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110955886B (en) * | 2019-11-08 | 2022-06-21 | 广州供电局有限公司 | Sandbox-based data security fusion service device and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102164177A (en) * | 2011-03-11 | 2011-08-24 | 浪潮(北京)电子信息产业有限公司 | Method, device and system for sharing storage pool by cluster |
CN102255962A (en) * | 2011-07-01 | 2011-11-23 | 成都市华为赛门铁克科技有限公司 | Distributive storage method, device and system |
CN102340533A (en) * | 2011-06-17 | 2012-02-01 | 中兴通讯股份有限公司 | Multi-tenant system and method for accessing data thereof |
CN105550854A (en) * | 2016-01-26 | 2016-05-04 | 中标软件有限公司 | Access control device of cloud environment management platform |
CN106201357A (en) * | 2016-07-18 | 2016-12-07 | 浪潮(北京)电子信息产业有限公司 | The construction method of a kind of storage pool and system |
CN106547859A (en) * | 2016-10-21 | 2017-03-29 | 杭州朗和科技有限公司 | A kind of storage method and device of the data file under multi-tenant data storage system |
Non-Patent Citations (2)
Title |
---|
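Cephfs multi-user isolation (Cephfs多用户隔离); whyreal; Jianshu (简书); 20161017; first page of the main text * |
whyreal. Cephfs multi-user isolation (Cephfs多用户隔离). Jianshu (简书). 2016, * |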
Also Published As
Publication number | Publication date |
---|---|
CN107741832A (en) | 2018-02-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||