CN114116042B - Command processing method and system for Linux service system - Google Patents
Command processing method and system for Linux service system Download PDFInfo
- Publication number
- CN114116042B CN114116042B CN202111273479.2A CN202111273479A CN114116042B CN 114116042 B CN114116042 B CN 114116042B CN 202111273479 A CN202111273479 A CN 202111273479A CN 114116042 B CN114116042 B CN 114116042B
- Authority
- CN
- China
- Prior art keywords
- command
- operation command
- target operation
- service
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 16
- 238000000034 method Methods 0.000 claims description 79
- 238000010586 diagram Methods 0.000 description 10
- 238000004458 analytical method Methods 0.000 description 7
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000003860 storage Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The invention discloses a command processing method and a command processing system for a Linux service system, wherein the command processing method comprises the following steps: the system management service analyzes the received target operation command and determines the user permission command type corresponding to the target operation command; according to the user authority command type, sending the target operation command to a command execution service corresponding to the user authority command type; the command execution service matches the target operation command with the operation command in the operation command list corresponding to the command execution service to obtain a first matching result; when the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service, the command execution service executes the target operation command and returns an execution result to a sending end of the target operation command.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to a command processing method and system for a Linux service system.
Background
When the server based on the Linux operating system is managed and configured, the user name password provided by the operating system can be used for direct login operation, or a set of management system based on a network can be deployed on the server, and the management and configuration of the server can be performed through network connection. The network-based management system is generally composed of a network service component and a management module with server management and configuration functions, execution authorities of the Linux operating system are required to be managed and divided into root user authorities and common user authorities, and the Linux operating system is configured in various types, wherein most of the Linux operating system needs the root user authorities. Therefore, the management system needs to be started and operated by the root user permission to have the permission to manage and configure the server, but if the management system is broken by a third party maliciously, the third party can directly obtain the root user permission and can perform any operation on the Linux operating system because the management system is started by the root user permission.
Disclosure of Invention
The invention provides a command processing method and a command processing system for a Linux service system, which aim to solve the problem of how to process operation commands.
In order to solve the above problems, according to an aspect of the present invention, there is provided a command processing method for a Linux service system, the method comprising:
The system management service analyzes the received target operation command and determines the user permission command type corresponding to the target operation command;
according to the user authority command type, sending the target operation command to a command execution service corresponding to the user authority command type;
The command execution service matches the target operation command with the operation command in the operation command list corresponding to the command execution service to obtain a first matching result;
When the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service, the command execution service executes the target operation command and returns an execution result to a sending end of the target operation command.
Preferably, the system management service is started based on Linux ordinary user permission and is used for providing the network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission.
Preferably, the command execution service is started by Linux root users and Linux common user rights respectively, and is used for providing command execution service based on a local network, the system management service can access the command execution service only when the system management service and the command execution service are on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
Preferably, the system management service parses the received operation command to determine a user permission command type corresponding to the target operation command, including:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
Preferably, wherein the method further comprises:
when the first matching result indicates that the target operation command does not exist in an operation command handle list corresponding to the command execution service, the command execution service does not execute the target operation command and returns error information to a sending end of the target operation command;
When the user authority command type corresponding to the target operation command cannot be determined, the system management service does not execute the target operation command and returns error information to the sending end of the target operation command.
According to another aspect of the present invention, there is provided a command processing system for a Linux service-oriented system, the system comprising: a system management service and a target execution service; wherein,
The system management service is used for analyzing the received target operation command and determining the user permission command type corresponding to the target operation command; the target operation command is sent to a command execution service corresponding to the user permission command type according to the user permission command type;
The command execution service is used for matching the target operation command with the operation command in the operation command list corresponding to the command execution service to obtain a first matching result; and the command execution service is used for executing the target operation command and returning an execution result to a sending end of the target operation command when the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service.
Preferably, the system management service is started based on Linux ordinary user permission and is used for providing the network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission.
Preferably, the command execution service is started by Linux root users and Linux common user rights respectively, and is used for providing command execution service based on a local network, the system management service can access the command execution service only when the system management service and the command execution service are on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
Preferably, the system management service parses the received operation command to determine a user permission command type corresponding to the target operation command, including:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
Preferably, the command execution service is further configured to: when the first matching result indicates that the target operation command does not exist in the operation command handle list corresponding to the command execution service, the target operation command is not executed, and error information is returned to the sending end of the target operation command;
The system management service is further configured to, when the user permission command type corresponding to the target operation command cannot be determined, not execute the target operation command, and return error information to the sending end of the target operation command.
The invention provides a command processing method and a command processing system for a Linux service system, wherein the command processing method comprises the following steps: the system management service determines a user authority command type corresponding to the target operation command; the target operation command is sent to a command execution service corresponding to the user authority command type; the command execution service performs matching to obtain a first matching result; and when the first matching result indicates that the target operation command exists in the operation command handle list corresponding to the command execution service, executing the target operation command, and returning an execution result to a sending end of the target operation command. According to the method, the operation command is divided into the root user authority operation command and the non-root user authority operation command, the execution of the operation command is logically isolated, the system management service is started by the ordinary user authority for receiving the external operation command, the command analysis and the command forwarding operation can only be executed, the root user authority is not available, even if an invader maliciously invades the Linux operation system through the system management service, the invader can only obtain the ordinary user authority, the root user authority can not be obtained to modify the Linux operation system, and the system safety is improved.
Drawings
Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:
FIG. 1 is a flowchart of a command processing method 100 for a Linux service system according to an embodiment of the present invention;
FIG. 2 is a logic diagram of a command processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of executing an operation command according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a command processing system 400 facing a Linux service system according to an embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flowchart of a command processing method 100 for a Linux service system according to an embodiment of the present invention. As shown in fig. 1, in the command processing method for a Linux service system according to the embodiment of the present invention, an operation command is divided into a root user authority operation command and a non-root user authority operation command, execution of the operation command is logically isolated, a system management service receives an external operation command from a network, and is started with a normal user authority, only command analysis and command forwarding operations can be executed, and the Linux service is not provided with the root user authority, even if an intruder maliciously intrudes into the Linux operation system through the system management service, the intruder can only acquire the normal user authority, and cannot acquire the root user authority to modify the Linux operation system, thereby improving system security. The command processing method 100 for the Linux service system provided by the embodiment of the invention comprises the following steps:
And step 101, the system management service analyzes the received target operation command and determines the type of the user permission command corresponding to the target operation command.
Preferably, the system management service is started based on Linux ordinary user permission and is used for providing the network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission.
And step 102, according to the user authority command type, the target operation command is sent to a command execution service corresponding to the user authority command type.
Preferably, the command execution service is started by Linux root users and Linux common user rights respectively, and is used for providing command execution service based on a local network, the system management service can access the command execution service only when the system management service and the command execution service are on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
In the present invention, the method of the present invention is implemented based on a system management service and a command execution service. The system management service is started by using Linux ordinary user permission, and externally provides system management service based on a network, so that the system management service process has Linux ordinary user execution permission. The command execution service is respectively started by Linux root users and Linux common user rights, and provides command execution service based on a local network, and the command execution service can be accessed by the system management service only if the system management service and the command execution service are positioned on the same Linux server. One command execution service process has Linux common user execution authority, and one command execution service process has Linux root user execution authority.
As shown in fig. 2, the system management service exists in a process a after being started with the authority of a common user a, and has the operation authority of the common user; a command execution service exists in a process B after being started by a common user B authority, and has a common user operation authority; the other command execution service exists in a process C after being started by the root user authority, and has the root user operation authority.
Preferably, the system management service parses the received operation command to determine a user permission command type corresponding to the target operation command, including:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
In the invention, the system management service monitors the network externally, analyzes the operation command after receiving the operation command sent by the command sending end in the external network, and two preset command lists are arranged in the command analysis module: root user permission command list and normal user permission command list. The command analysis module searches the operation command in the list to obtain a matching result, and when the operation command belongs to the Root user permission command list according to the matching result, the operation command is forwarded to a command execution service with the Root user execution permission; when the operation command belongs to the common user authority command list, the operation command is forwarded to a command execution service with common user execution authority, and a result returned by the command execution service is returned to the command sending end.
Preferably, wherein the method further comprises:
When the first matching result indicates that the target operation command does not exist in the operation command handle list corresponding to the command execution service, the command execution service does not execute the target operation command and returns error information to the sending end of the target operation command.
In the invention, if the operation command is not in the two lists, the operation command is not executed, and error information is directly returned to the command sending end.
Step 103, the command execution service matches the target operation command with the operation command in the operation command list corresponding to the command execution service, and obtains a first matching result.
Step 104, when the first matching result indicates that the target operation command exists in the operation command handle list corresponding to the command execution service, the command execution service executes the target operation command and returns an execution result to the sending end of the target operation command.
Preferably, wherein the method further comprises:
When the user authority command type corresponding to the target operation command cannot be determined, the system management service does not execute the target operation command and returns error information to the sending end of the target operation command.
In the invention, after receiving the operation command, the command execution service with the Root user execution authority also searches and judges the operation command to obtain a first matching result, if the first matching result indicates that the operation command is found in the Root user authority command list, the operation command is executed, otherwise, the operation command is not executed, and error information is returned to the sending end of the target operation command.
After receiving the operation command, the command execution service with the common user execution authority also searches and judges the operation command to obtain a first matching result, if the first matching result indicates that the operation command is found in the common user authority command list, the operation command is executed, otherwise, the operation command is not executed, and error information is returned to the sending end of the target operation command.
As shown in fig. 3, two specific operation commands are taken as examples: acquiring network card information and setting the network card information. The method comprises the steps that network card information is acquired to perform read operation on an operating system, and the network card information belongs to low-authority operation commands, and common user authorities can be executed; setting network card information to write operation to the operation system, belonging to the operation command of the highest authority of the system, wherein the common user authority is forbidden to execute and only root user authority can execute.
The executing process for acquiring the network card information comprises the following steps:
Step 1: the system management service (process A) receives a command for acquiring network card information sent by a command sending end of an external network;
step 2: the analysis module of the system management service (process A) analyzes the command and searches the command in a common user authority command list;
step 3: the system management service (process a) forwards the command to the command execution service (process B) started with the ordinary user B;
step 4: the command execution service (process B) receives the operation command;
step 5: the command execution service (process B) judges whether the command is in the normal user authority command list, if not, the command returns an error directly, otherwise, the next step is continued;
Step 6: the command execution service (process B) executes the command;
Step 7: the command execution service (process B) returns an execution result or an error code to the system management service (process A);
step 8: the system management service (process A) receives the execution result;
Step 9: the system management service (process A) returns an execution result to the command sending end;
step 10: and (5) ending.
The executing process of setting the network card information comprises the following steps:
Step 1: the system management service (process A) receives a network card information setting command sent by a command sending end of an external network;
step 2: the analysis module of the system management service (process A) analyzes the command and searches the command in a root user authority command list;
Step 3: the system management service (process a) forwards the command to the command execution service (process C) started by the root user;
step 4: the command execution service (process C) receives the operation command;
Step 5: the command execution service (process C) judges whether the command is in the root user authority command list, if not, the command returns an error directly, otherwise, the next step is continued;
Step 6: the command execution service (process C) executes the command;
Step 7: the command execution service (process C) returns an execution result or an error code to the system management service (process A);
step 8: the system management service (process A) receives the execution result;
Step 9: the system management service (process A) returns an execution result to the command sending end;
step 10: and (5) ending.
According to the method, the system operation command is divided into the root user authority operation command and the non-root user authority operation command, the execution of the operation command is logically isolated, the system management service is started by the ordinary user authority for receiving the external operation command, the command analysis and the command forwarding operation can only be executed, the root user authority is not available, even if an invader maliciously invades the Linux operation system through the system management service, the invader can only obtain the ordinary user authority, the root user authority can not be obtained to modify the Linux operation system, and the system safety is improved.
The command execution service limits the range of executable root user authority operation commands and common user authority operation commands through a predefined command list, and external operation commands cannot perform unrestricted root user authority operation on the Linux operation system through the system management service, so that the system safety is improved.
The system management service started by the ordinary user permission, the command execution service started by the root user permission and the command execution service started by the ordinary user permission respectively belong to different Linux operating system user processes, any process is maliciously invaded by an invader, and the user permissions of other processes cannot be directly obtained.
Fig. 4 is a schematic structural diagram of a command processing system 400 facing a Linux service system according to an embodiment of the present invention. As shown in fig. 4, a command processing system 400 for a Linux service system according to an embodiment of the present invention includes: a system management service 401 and a target execution service 402.
Preferably, the system management service 401 is configured to parse the received target operation command, and determine a user permission command type corresponding to the target operation command; and the target operation command is sent to a command execution service corresponding to the user authority command type according to the user authority command type.
Preferably, the system management service is started based on Linux ordinary user permission and is used for providing the network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission.
Preferably, the system management service 401 parses the received operation command to determine a user permission command type corresponding to the target operation command, including:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
Preferably, the system management service 401 is further configured to, when the type of the user permission command corresponding to the target operation command cannot be determined, not execute the target operation command, and return an error message to the sending end of the target operation command.
Preferably, the command execution service 402 is configured to match the target operation command with an operation command in an operation command list corresponding to the command execution service, so as to obtain a first matching result; and the command execution service is used for executing the target operation command and returning an execution result to a sending end of the target operation command when the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service.
Preferably, the command execution service is started by Linux root users and Linux common user rights respectively, and is used for providing command execution service based on a local network, the system management service can access the command execution service only when the system management service and the command execution service are on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
Preferably, the command execution service 402 is further configured to: and when the first matching result indicates that the target operation command does not exist in the operation command handle list corresponding to the command execution service, the target operation command is not executed, and error information is returned to the sending end of the target operation command.
The command processing system 400 for a Linux service system according to the embodiment of the present invention corresponds to the command processing method 100 for a Linux service system according to another embodiment of the present invention, and is not described herein.
The invention has been described with reference to a few embodiments. However, as is well known to those skilled in the art, other embodiments than the above disclosed invention are equally possible within the scope of the invention, as defined by the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/an/the [ means, component, etc. ]" are to be interpreted openly as referring to at least one instance of said means, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (6)
1. A command processing method for a Linux service system, the method comprising:
The system management service analyzes the received target operation command and determines the user permission command type corresponding to the target operation command;
according to the user authority command type, sending the target operation command to a command execution service corresponding to the user authority command type;
The command execution service matches the target operation command with the operation command in the operation command list corresponding to the command execution service to obtain a first matching result;
When the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service, the command execution service executes the target operation command and returns an execution result to a sending end of the target operation command;
The system management service is started based on Linux ordinary user permission and is used for providing network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission;
The command execution service is started by Linux root users and Linux common user rights respectively and is used for providing command execution service based on a local network, the command execution service can be accessed by the system management service only when the system management service and the command execution service are positioned on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
2. The method of claim 1, wherein the system management service parsing the received operation command to determine a user permission command type corresponding to the target operation command, comprising:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
3. The method according to claim 1, wherein the method further comprises:
when the first matching result indicates that the target operation command does not exist in an operation command handle list corresponding to the command execution service, the command execution service does not execute the target operation command and returns error information to a sending end of the target operation command;
When the user authority command type corresponding to the target operation command cannot be determined, the system management service does not execute the target operation command and returns error information to the sending end of the target operation command.
4. A command processing system for a Linux-oriented service system, the system comprising: a system management service and a target execution service; wherein,
The system management service is used for analyzing the received target operation command and determining the user permission command type corresponding to the target operation command; the target operation command is sent to a command execution service corresponding to the user permission command type according to the user permission command type;
The command execution service is used for matching the target operation command with the operation command in the operation command list corresponding to the command execution service to obtain a first matching result; the command execution service is used for executing the target operation command and returning an execution result to a sending end of the target operation command when the first matching result indicates that the target operation command exists in an operation command handle list corresponding to the command execution service;
The system management service is started based on Linux ordinary user permission and is used for providing network-based system management service to the outside, and the system management service process has Linux ordinary user execution permission;
The command execution service is started by Linux root users and Linux common user rights respectively and is used for providing command execution service based on a local network, the command execution service can be accessed by the system management service only when the system management service and the command execution service are positioned on the same Linux server, and the command execution service process comprises: the method comprises the steps of a first command execution service process with Linux common user execution authority and a second command execution service process with Linux root user execution authority.
5. The system of claim 4, wherein the system management service resolving the received operation command to determine a user permission command type corresponding to the target operation command comprises:
the system management service matches the target operation command with the operation commands in the operation command list corresponding to different user authority command types, a second matching result is obtained, and the user authority command type corresponding to the target operation command is determined according to the second matching result;
when the target operation command exists in a Root user authority command list, determining that the user authority command type is a Root user authority command; and when the target operation command exists in the common user authority command list, determining that the user authority command type is the common user authority command.
6. The system of claim 4, wherein the system further comprises a controller configured to control the controller,
The command execution service is further configured to: when the first matching result indicates that the target operation command does not exist in the operation command handle list corresponding to the command execution service, the target operation command is not executed, and error information is returned to the sending end of the target operation command;
The system management service is further configured to, when the user permission command type corresponding to the target operation command cannot be determined, not execute the target operation command, and return error information to the sending end of the target operation command.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111273479.2A CN114116042B (en) | 2021-10-29 | 2021-10-29 | Command processing method and system for Linux service system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111273479.2A CN114116042B (en) | 2021-10-29 | 2021-10-29 | Command processing method and system for Linux service system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114116042A CN114116042A (en) | 2022-03-01 |
| CN114116042B true CN114116042B (en) | 2024-04-26 |
Family
ID=80379503
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111273479.2A Active CN114116042B (en) | 2021-10-29 | 2021-10-29 | Command processing method and system for Linux service system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114116042B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529312A (en) * | 2016-10-25 | 2017-03-22 | 广东欧珀移动通信有限公司 | Method and device for permission control of mobile terminal, and mobile terminal |
| CN110971580A (en) * | 2018-09-30 | 2020-04-07 | 北京国双科技有限公司 | Authority control method and device |
| CN113190836A (en) * | 2021-03-29 | 2021-07-30 | 贵州电网有限责任公司 | Web attack behavior detection method and system based on local command execution |
| WO2021195897A1 (en) * | 2020-03-30 | 2021-10-07 | 华为技术有限公司 | Voice control method and smart terminal |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2570655B (en) * | 2018-01-31 | 2020-12-16 | Avecto Ltd | Managing privilege delegation on a server device |
-
2021
- 2021-10-29 CN CN202111273479.2A patent/CN114116042B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529312A (en) * | 2016-10-25 | 2017-03-22 | 广东欧珀移动通信有限公司 | Method and device for permission control of mobile terminal, and mobile terminal |
| CN110971580A (en) * | 2018-09-30 | 2020-04-07 | 北京国双科技有限公司 | Authority control method and device |
| WO2021195897A1 (en) * | 2020-03-30 | 2021-10-07 | 华为技术有限公司 | Voice control method and smart terminal |
| CN113190836A (en) * | 2021-03-29 | 2021-07-30 | 贵州电网有限责任公司 | Web attack behavior detection method and system based on local command execution |
Non-Patent Citations (1)
| Title |
|---|
| 如何防止黑客利用telnet或rlogin攻击Linux系统;王九菊, 郭学理;微型机与应用(09);50-52 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114116042A (en) | 2022-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9081967B2 (en) | System and method for protecting computers from software vulnerabilities | |
| US8966634B2 (en) | System and method for correcting antivirus records and using corrected antivirus records for malware detection | |
| WO2021051878A1 (en) | Cloud resource acquisition method and apparatus based on user permission, and computer device | |
| EP1410213B1 (en) | Mobile application access control list security system | |
| CN111061685B (en) | Log query method and device, node equipment and storage medium | |
| US7178164B1 (en) | System and method for ensuring proper implementation of computer security policies | |
| CN110289965B (en) | Application program service management method and device | |
| CN113179271A (en) | Intranet security policy detection method and device | |
| US7328340B2 (en) | Methods and apparatus to provide secure firmware storage and service access | |
| US20180026986A1 (en) | Data loss prevention system and data loss prevention method | |
| US20050120237A1 (en) | Control of processes in a processing system | |
| US8959645B2 (en) | Method for providing control information for a distributed operation in an automation system, computer program and automation system | |
| CN115701019A (en) | Access request processing method and device of zero trust network and electronic equipment | |
| CN114116042B (en) | Command processing method and system for Linux service system | |
| CN112214756A (en) | Authority management system, method and storage medium of consumption machine | |
| CN115086081B (en) | Escape prevention method and system for honeypots | |
| US7703135B2 (en) | Accessing protected resources via multi-identity security environments | |
| US20030065795A1 (en) | Computer system and method for managing remote access of user resources | |
| EP3918497A1 (en) | Task engine | |
| EP2835757B1 (en) | System and method protecting computers from software vulnerabilities | |
| US11983694B2 (en) | Information processing device for retail transaction processing systems | |
| US20230222481A1 (en) | Information processing device for retail transaction processing systems | |
| CN109150863B (en) | Desktop cloud access control method and device and desktop cloud terminal equipment | |
| JP2007241549A (en) | Unauthorized access preventing method, unauthorized access preventing system and program | |
| CN117688551A (en) | Startup path white list updating method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |