CN112000971A - File permission recording method, system and related device - Google Patents

File permission recording method, system and related device

Publication number
CN112000971A
Authority
CN
China
Prior art keywords
file
authority
node
log
index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010850456.2A
Other languages
Chinese (zh)
Other versions
CN112000971B (en)
Inventor
薛亚茅
胡永刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN202010850456.2A
Publication of CN112000971A
Application granted
Publication of CN112000971B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application provides a file permission recording method, comprising: when a change to the permissions of a target file is detected, determining the index of the target file; determining whether a log record node corresponding to the index exists; if so, writing the current permission change record of the target file to the storage queue of the log record node; if not, creating a log record node corresponding to the index and writing the permission change record to the storage queue of that node. The application makes abnormal file permissions easier to locate, allows changes to be traced from the file permission change records, and helps resolve abnormal file access quickly. The application also provides a file permission recording system, a computer-readable storage medium and a server, which have the same beneficial effects.

Description

File permission recording method, system and related device
Technical Field
The present application relates to the field of file storage, and in particular, to a method, a system, and a related device for recording file permissions.
Background
With the information explosion, the volume of data people hold grows daily and storage servers are developing ever faster. As the storage access performance and concurrent access capacity required of distributed storage servers increase, the metadata management server in distributed storage has begun to manage and distribute permissions. Permission access problems are often encountered when a kernel client reads and writes data, but they are hard to locate, and it is difficult to determine which permission change caused a file exception. How to record file permissions effectively in a storage system is therefore a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a file permission recording method, a file permission recording system, a computer-readable storage medium and a server that record file permission changes effectively, so that abnormal file permissions can be located quickly.
To solve this technical problem, the application provides a file permission recording method with the following specific technical scheme:
when a change to the permissions of a target file is detected, determining the index of the target file;
determining whether a log record node corresponding to the index exists;
if so, writing the current permission change record of the target file to the storage queue of the log record node;
if not, creating a log record node corresponding to the index and writing the permission change record to the storage queue of that log record node.
Optionally, the method further includes:
embedding a tree structure in a node of the client corresponding to the file system;
and establishing log record nodes in the tree structure according to the index directory of the file system.
Optionally, writing the current permission change record of the target file to the storage queue of the log record node includes:
obtaining the cursor position of the cursor belonging to the storage queue in the log record node;
and writing the current permission change record of the target file to the storage unit corresponding to the cursor position.
Optionally, if the target file is deleted, the method further includes:
removing the log record node corresponding to the index to which the target file belongs from the tree structure.
Optionally, the method further includes:
calling the storage queue in the log record node with a command-line instruction;
and calling a log display interface to display the permission change records in the storage queue.
Optionally, the method further includes:
configuring a spin lock for the log record node, and using the spin lock to prevent concurrent access to the log record node.
Optionally, the log record node is configured to store the permission change record, the permission change time, the index of the changed file, and the corresponding permission calling interface.
The present application further provides a file permission recording system, including:
an index determining module, configured to determine the index of a target file when a change to the permissions of the target file is detected;
a judging module, configured to determine whether a log record node corresponding to the index exists;
a first recording module, configured to write the permission change record of the target file to the storage queue of the log record node when the judging module's result is yes;
and a second recording module, configured to create a log record node corresponding to the index and write the permission change record to the storage queue of that log record node when the judging module's result is no.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The present application further provides a server comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method described above when calling the computer program in the memory.
The application provides a file permission recording method, comprising: when a change to the permissions of a target file is detected, determining the index of the target file; determining whether a log record node corresponding to the index exists; if so, writing the current permission change record of the target file to the storage queue of the log record node; if not, creating a log record node corresponding to the index and writing the permission change record to the storage queue of that log record node.
In the present application, when a change to a file's permissions is detected, the log record node records the permission change under the corresponding index. If no log record node exists for the target file's index, one is created to hold the record, so that every permission change is guaranteed to be stored in a storage queue. When file access permissions become abnormal, the cause is located directly from the permission change records held in the log record node for the index to which the file belongs. This makes abnormal file permissions easier to locate, allows changes to be traced from the file permission change records, and helps resolve abnormal file access quickly.
The application also provides a file permission recording system, a computer-readable storage medium and a server, which have the same beneficial effects and are not described again here.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below are only embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a file permission recording method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a file permission recording system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
To better describe the relationship between the tree structure and the log record nodes in the present application, the initialization performed before the file permission recording method disclosed herein is described first:
First, a tree structure is embedded in a node of the client corresponding to the file system, and log record nodes are established in the tree structure according to the index directory of the file system. The tree structure is usually built on the root directory of the file system to carry the log record nodes, and the log record nodes match the file index directory, i.e. each index has a corresponding log record node. Note that file indexes are hierarchical: file A may exist within file B, in which case the log record nodes corresponding to file A and file B are in a child-parent relationship. All log record nodes hang in the tree structure.
The tree structure is not limited. For example, a red-black tree, which is a self-balancing binary search tree, may be used; other tree structures, such as an AVL tree (also a self-balancing binary search tree), may be used as well.
Similarly, because every file index in the file system has a corresponding log record node, when the target file is deleted the log record node corresponding to the index to which the target file belongs must also be removed from the tree structure. That is, a log record node typically exists only as long as its target file exists.
Further, as a preferred embodiment, a spin lock may be configured for each log record node and used to prevent concurrent access to it. The spin lock provides mutual exclusion between operations on the node such as inserting and querying permission change records: the lock is taken before the log record node is operated on and released afterwards, which prevents multiple clients or threads from accessing the node concurrently.
On this basis, refer to Fig. 1, a flowchart of a file permission recording method according to an embodiment of the present application. The method includes:
S101: when a change to the permissions of a target file is detected, determining the index of the target file;
When a target file whose permissions have changed is detected, the index at which the target file is located, namely the file address, is determined. How the index of the target file is determined is not particularly limited; it may be confirmed using a macro recording interface.
S102: determining whether a log record node corresponding to the index exists; if yes, proceeding to S103; if not, proceeding to S104;
After the index of the target file is obtained in step S101, it is determined whether a log record node corresponding to the index exists. The log record node can store data related to permission changes, such as permission change records, the permission change time, the index of the changed file, and the corresponding permission calling interface.
This embodiment assumes by default that the file system already has the tree structure described above. However, the creation and removal of log record nodes lag, and permission changes are more frequent when a file has just been added to the file system, so the corresponding log record node may not yet exist in the tree structure. This step therefore has to determine whether the index has a corresponding log record node.
S103: writing the current permission change record of the target file to the storage queue of the log record node;
If the index has a corresponding log record node, the permission change record can be written to that node's storage queue. How the current record is written to the storage queue is not specifically limited here. The log record node may use a pointer array to dynamically allocate data structures such as log strings as the storage queue that holds the permission change records, and each storage unit in the storage queue holds only one permission change record. Note that the number of storage units obtained each time the queue is dynamically allocated through the pointer array may be the same or different: either a preset number of storage units or a non-fixed number may be obtained to extend the storage queue, and the technical solution disclosed in this embodiment can be implemented either way.
As a preferred implementation of this step, the following steps may be adopted:
S1031: obtaining the cursor position of the cursor belonging to the storage queue in the log record node;
S1032: writing the current permission change record of the target file to the storage unit corresponding to the cursor position.
In step S1031 the position of the cursor in the current storage queue is obtained, after which the current permission change record can be written directly to the storage unit at that position. The cursor initially points at the first storage unit; once a storage unit has stored a permission change record, the cursor automatically moves to the next storage unit in the storage queue.
S104: creating a log record node corresponding to the index and writing the permission change record to the storage queue of that log record node.
If the index has no corresponding log record node, one must first be created and filled with the current permission change record. After the record is filled in, this step by default inserts the created log record node into the tree structure at the position determined by its index. When permission change records are later retrieved to find an abnormal file, the log record nodes can be reached directly by traversing the tree structure, which makes locating abnormal file permissions more efficient.
In this embodiment, when a change to a file's permissions is detected, the log record node records the permission change under the corresponding index. If no log record node exists for the target file's index, one is created to hold the record, so that every permission change is stored in a storage queue. When file access permissions become abnormal, the cause is located directly from the permission change records held in the log record node for the index to which the file belongs. This makes abnormal file permissions easier to locate, allows changes to be traced from the file permission change records, and helps resolve abnormal file access quickly.
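The flow S101 to S104, together with the per-node cursor, spin lock and delete handling described earlier, as an added C example that is not code from the patent. Assumptions: a numeric file index, a plain binary search tree in place of the suggested red-black tree, a fixed four-unit queue that overwrites its oldest record when full, a C11 `atomic_flag` standing in for a kernel spinlock, and hypothetical names throughout.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define QUEUE_UNITS 4          /* assumed queue length; the patent leaves sizing open */
struct perm_record {           /* one storage unit holds one change record */
    uint64_t index;            /* index of the changed file (assumed numeric) */
    unsigned old_mode, new_mode;
    time_t when;               /* time of the change */
    char iface[24];            /* interface through which the change was made */
};

struct log_node {              /* one log record node per file index */
    uint64_t index;
    struct log_node *left, *right;
    atomic_flag lock;          /* user-space stand-in for a kernel spinlock */
    unsigned cursor;           /* records written so far; next unit = cursor % QUEUE_UNITS */
    struct perm_record queue[QUEUE_UNITS];
};

static struct log_node *tree_root;  /* plain BST; the patent suggests a red-black tree */

static void node_lock(struct log_node *n) {
    while (atomic_flag_test_and_set_explicit(&n->lock, memory_order_acquire)) { }
}
static void node_unlock(struct log_node *n) {
    atomic_flag_clear_explicit(&n->lock, memory_order_release);
}

/* Return the link that holds, or would hold, the node for this index. */
static struct log_node **find_slot(uint64_t index) {
    struct log_node **p = &tree_root;
    while (*p && (*p)->index != index)
        p = index < (*p)->index ? &(*p)->left : &(*p)->right;
    return p;
}

/* S1031/S1032: write into the unit under the cursor, then advance the cursor. */
static void append_record(struct log_node *n, unsigned old_mode,
                          unsigned new_mode, const char *iface) {
    node_lock(n);
    struct perm_record *r = &n->queue[n->cursor % QUEUE_UNITS];
    *r = (struct perm_record){ .index = n->index, .old_mode = old_mode,
                               .new_mode = new_mode, .when = time(NULL) };
    strncpy(r->iface, iface, sizeof r->iface - 1);  /* iface[] was zeroed above */
    n->cursor++;
    node_unlock(n);
}

/* S101-S104: returns 1 if a node was created, 0 if updated, -1 on allocation failure. */
int record_perm_change(uint64_t index, unsigned old_mode, unsigned new_mode,
                       const char *iface) {
    struct log_node **slot = find_slot(index);    /* S102: does a node exist? */
    if (*slot) {                                  /* S103: update its queue */
        append_record(*slot, old_mode, new_mode, iface);
        return 0;
    }
    struct log_node *n = calloc(1, sizeof *n);    /* S104: create the node */
    if (!n) return -1;
    n->index = index;
    atomic_flag_clear(&n->lock);
    append_record(n, old_mode, new_mode, iface);  /* fill the record first ... */
    *slot = n;                                    /* ... then insert by index */
    return 1;
}

/* Copy up to max of the newest records, oldest first; returns the count copied. */
size_t read_history(uint64_t index, struct perm_record *out, size_t max) {
    struct log_node *n = *find_slot(index);
    size_t k = 0;
    if (!n) return 0;
    node_lock(n);
    unsigned stored = n->cursor < QUEUE_UNITS ? n->cursor : QUEUE_UNITS;
    if (stored > max) stored = (unsigned)max;
    for (unsigned i = n->cursor - stored; i != n->cursor; i++)
        out[k++] = n->queue[i % QUEUE_UNITS];
    node_unlock(n);
    return k;
}

/* File deleted: unlink its node from the tree. Returns 1 if a node was removed. */
int remove_node(uint64_t index) {
    struct log_node **slot = find_slot(index), *n = *slot;
    if (!n) return 0;
    if (n->left && n->right) {
        struct log_node **s = &n->right;          /* find the in-order successor */
        while ((*s)->left) s = &(*s)->left;
        struct log_node *succ = *s;
        *s = succ->right;                         /* detach successor */
        succ->left = n->left;
        succ->right = n->right;
        *slot = succ;                             /* successor takes n's place */
    } else {
        *slot = n->left ? n->left : n->right;
    }
    free(n);
    return 1;
}
```

The tree itself is left unlocked because the patent describes only a per-node lock; an implementation with concurrent writers would also have to serialise node insertion and removal.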
Based on the above embodiment, as a preferred embodiment, to make it easy to query a file's permission change records from the log record node, the storage queue in the log record node may be called with a command-line instruction, and a log display interface called to display the permission change records in the storage queue.
Specifically, because abnormal permissions arise when a kernel client reads and writes files, a control-variable command may be designed first: a command-line instruction and its parameters are passed in from user mode, the ioctl (input/output control) system call switches to kernel mode, and a global variable is assigned. The command-line instruction passed from user mode is then received, control switches to the kernel through the ioctl system call, the log display interface of the kernel data access module is called, and the permission change records in the storage queue are finally output to the kernel buffer and displayed.
More preferably, the control variables can be traversed when the permission change records are displayed: the number of log entries to display and their order are selected by controlling the cursor, or the cursor is positioned at a given storage unit and the non-empty log records after that unit are printed, so that the most recently updated permission change records are displayed.
A file permission recording system provided by an embodiment of the present application is introduced below; the system described below and the file permission recording method described above may be read with reference to each other.
Referring to Fig. 2, a schematic structural diagram of a file permission recording system provided in an embodiment of the present application, the present application further provides a file permission recording system, including:
an index determining module 100, configured to determine the index of a target file when a change to the permissions of the target file is detected;
a judging module 200, configured to determine whether a log record node corresponding to the index exists;
a first recording module 300, configured to write the current permission change record of the target file to the storage queue of the log record node when the judging module's result is yes;
and a second recording module 400, configured to create a log record node corresponding to the index and write the permission change record to the storage queue of that log record node when the judging module's result is no.
The present application also provides a computer-readable storage medium storing a computer program which, when executed, implements the steps provided by the above embodiments. The storage medium may include any medium capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application also provides a server, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps provided by the foregoing embodiments when calling the computer program in the memory. Of course, the server may also include various network interfaces, power supplies, and the like.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A file right recording method, comprising:
when the situation that the authority of a target file is changed is monitored, determining the index of the target file;
judging whether a log record node corresponding to the index exists or not;
if yes, updating the current authority change record of the target file to a storage queue of the log record node;
if not, creating a log record node corresponding to the index and filling the authority change record to a storage queue of the log record node.
2. The file permission abnormality detection method according to claim 1, characterized by further comprising:
embedding a tree structure in a node of a client corresponding to the file system;
and establishing a log record node in the tree structure according to the index directory of the file system.
3. The method for detecting file authority abnormality according to claim 1, wherein updating the current authority change record of the target file to the storage queue of the log record node includes:
acquiring the cursor position of the cursor to which the storage queue belongs in the log record node;
and updating the current authority change record of the target file to a storage unit corresponding to the cursor position.
4. The method for detecting file permission abnormality according to claim 2, further comprising, if the target file is deleted:
and removing the log record node corresponding to the index to which the target file belongs from the tree structure.
5. The file permission abnormality detection method according to claim 1, characterized by further comprising:
calling a storage queue in the log record node by using a command line instruction;
and calling a log display interface to display the permission change record in the storage queue.
6. The file permission abnormality detection method according to claim 1, characterized by further comprising:
and configuring a spin lock for the log recording node, and preventing the concurrent access to the log recording node by using the spin lock.
7. The file authority anomaly detection method according to any one of claims 1-6, wherein the log record node is used for storing authority change records, authority change time, change file indexes and corresponding authority calling interfaces.
8. A file right recording system, comprising:
the index determining module is used for determining the index of the target file when the change of the authority of the target file is monitored;
the judging module is used for judging whether a log record node corresponding to the index exists or not;
the first recording module is used for updating the permission change record of the target file to the storage queue of the log recording node when the judgment result of the judging module is yes;
and the second recording module is used for creating a log recording node corresponding to the index and filling the authority change record to a storage queue of the log recording node when the judgment result of the judgment module is negative.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. A server, characterized in that it comprises a memory in which a computer program is stored and a processor which, when it is called in said memory, implements the steps of the method according to any one of claims 1 to 7.
CN202010850456.2A 2020-08-21 2020-08-21 File permission recording method, system and related device Active CN112000971B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010850456.2A CN112000971B (en) 2020-08-21 2020-08-21 File permission recording method, system and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010850456.2A CN112000971B (en) 2020-08-21 2020-08-21 File permission recording method, system and related device

Publications (2)

Publication Number Publication Date
CN112000971A (en) 2020-11-27
CN112000971B (en) 2022-07-15

Family

ID=73472344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010850456.2A Active CN112000971B (en) 2020-08-21 2020-08-21 File permission recording method, system and related device

Country Status (1)

Country Link
CN (1) CN112000971B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5727206A (en) * 1996-07-31 1998-03-10 Ncr Corporation On-line file system correction within a clustered processing system
CN101819577A (en) * 2009-01-08 2010-09-01 国际商业机器公司 Method, system and apparatus for maintaining file system client directory caches
CN110795744A (en) * 2019-10-12 2020-02-14 北京浪潮数据技术有限公司 Abnormal information positioning method and system, electronic equipment and storage medium
CN111290919A (en) * 2020-02-27 2020-06-16 平安国际智慧城市科技股份有限公司 Log file generation method and device, computer equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110807003A (en) * 2018-07-18 2020-02-18 成都华为技术有限公司 Method and apparatus for modifying reference counts of access control lists
CN110807003B (en) * 2018-07-18 2023-03-24 成都华为技术有限公司 Method and apparatus for modifying reference counts of access control lists
CN113254460A (en) * 2021-07-07 2021-08-13 阿里云计算有限公司 Data processing method, system, electronic device and computer program product

Also Published As

Publication number Publication date
CN112000971B (en) 2022-07-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant