CN116756753A - Operating system command control method, device, equipment, medium and product - Google Patents

Operating system command control method, device, equipment, medium and product Download PDF

Info

Publication number
CN116756753A
CN116756753A CN202310698674.2A CN202310698674A CN116756753A CN 116756753 A CN116756753 A CN 116756753A CN 202310698674 A CN202310698674 A CN 202310698674A CN 116756753 A CN116756753 A CN 116756753A
Authority
CN
China
Prior art keywords
command
user
operating system
current user
issuing authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310698674.2A
Other languages
Chinese (zh)
Inventor
金慧敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310698674.2A priority Critical patent/CN116756753A/en
Publication of CN116756753A publication Critical patent/CN116756753A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides an operating system command control method, apparatus, device, storage medium, and program product, which can be applied to the financial field or other fields. The operating system command control method comprises the following steps: acquiring role information of a current user and a configuration file corresponding to the command type of an operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system; determining command issuing authority corresponding to the role information of the current user according to the configuration file; distributing command issuing authority to the current user; and under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user, performing operation system control based on the command issued by the current user.

Description

Operating system command control method, device, equipment, medium and product
Technical Field
The present disclosure relates to the field of finance, and more particularly, to an operating system command control method, apparatus, device, medium, and program product.
Background
An operating system is a system that helps an operating system accept jobs, convert them into an internal format of the operating system, select job execution, and process job output.
The existing method generally limits the issuing of the high-risk job command by setting the issuing authority of the user command, but the method easily causes the high-risk command to be issued by the high-authority user due to misoperation, and influences the job processing and the stability of the operation system.
Disclosure of Invention
In view of the foregoing, the present disclosure provides operating system command control methods, apparatuses, devices, media, and program products that improve system stability.
According to a first aspect of the present disclosure, there is provided an operating system command control method, including: acquiring role information of a current user and a configuration file corresponding to the command type of an operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system; determining command issuing authority corresponding to the role information of the current user according to the configuration file; distributing command issuing authority to the current user; and under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user, performing operation system control based on the command issued by the current user.
According to an embodiment of the present disclosure, the role information includes a first identifier for indicating a user group where a current user is located, and determining, according to a configuration file, command issuing authority corresponding to the role information of the current user includes: and determining command issuing authority corresponding to the user group where the current user is located according to the first identification.
According to an embodiment of the present disclosure, a user group in which a current user is located is commonly determined by a second identifier for representing a position of the user and a third identifier for representing a department in which the current user is located, and the user group in which the current user is located is commonly determined according to the second identifier and the third identifier, including: determining a user group to be selected corresponding to the user position of the current user according to the second identifier; and determining the user group corresponding to the department to which the user of the current user belongs and the user position according to the third identification.
According to an embodiment of the present disclosure, further comprising: grading the operating system commands based on the command content; the operating system commands are divided into a first-level command, a second-level command and a third-level command, wherein the first-level command is a command for modifying the configuration of the operating system, the second-level command is a command for modifying the operation state, and the third-level command is a command for viewing and displaying.
According to an embodiment of the present disclosure, determining command issuing authority corresponding to role information of a current user according to a configuration file includes: determining that the command issuing authority corresponding to the role information of the current user is one of the following command issuing authorities according to the configuration file: system maintenance rights, application maintenance rights, and conventional user rights; the system maintenance authority is used for issuing commands of any level; the application maintenance authority is used for issuing second and third level commands; conventional user rights are used to issue third level commands.
According to an embodiment of the present disclosure, assigning command issuing rights to a current user includes: assigning command issuing rights to a user group; and the user group sequentially distributes command issuing authorities to users in the group according to the first identification.
According to an embodiment of the present disclosure, further comprising: and deleting the first identifier in the role information of the user and the command issuing authority corresponding to the user group corresponding to the first identifier in response to the user moving out of the user group.
According to an embodiment of the present disclosure, determining command issuing authority of a current user based on a level of a command issued by the user includes: determining a command level of a command issued by a current user; and under the condition that the command is the first-level command, determining that the command issuing authority of the current user is in an activated state.
A second aspect of the present disclosure provides an operating system command control apparatus, including: the acquisition module is used for acquiring the role information of the current user and the configuration file corresponding to the command type of the operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system; the determining module is used for determining command issuing authority corresponding to the role information of the current user according to the configuration file; the distribution module is used for distributing command issuing authorities to current users; and the control module is used for controlling the operating system based on the command issued by the current user under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the operating system command control method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described operating system command control method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described operating system command control method.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of an operating system command control method, apparatus, device, medium, and program product according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of an operating system command control method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart of determining a user group in which a current user is located, according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a block diagram of an operating system command control apparatus according to an embodiment of the present disclosure; and
fig. 5 schematically illustrates a block diagram of an electronic device adapted to implement an operating system command control method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the method and apparatus for controlling an operating system command provided in the present disclosure may be used in the financial field, and may also be used in any field other than the financial field, and the application field of the method and apparatus for controlling an operating system command in the present disclosure is not limited.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related personal information of the user all conform to the regulations of related laws and regulations, necessary security measures are taken, and the public order harmony is not violated.
The embodiment of the disclosure provides an operating system command control method, which comprises the following steps: acquiring role information of a current user and a configuration file corresponding to the command type of an operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system; determining command issuing authority corresponding to the role information of the current user according to the configuration file; distributing command issuing authority to the current user; and under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user, performing operation system control based on the command issued by the current user.
Fig. 1 schematically illustrates an application scenario diagram of an operating system command control method, apparatus, device, medium and program product according to an embodiment of the present disclosure.
It should be noted that fig. 1 illustrates only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but it does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments, or scenarios.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminals 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the operating system command control method provided in the embodiments of the present disclosure may be generally executed by the server 105. Accordingly, the operating system command control apparatus provided in the embodiments of the present disclosure may be generally disposed in the server 105. The operating system command control method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the operating system command control apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The operating system command control method of the disclosed embodiment will be described in detail below with reference to fig. 2 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flowchart of an operating system command control method according to an embodiment of the present disclosure.
As shown in fig. 2, the operating system command control method of this embodiment includes operations S210 to S240.
In operation S210, acquiring role information of a current user and a configuration file corresponding to an operating system command type; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system.
In operation S220, a command issuing authority corresponding to the character information of the current user is determined according to the configuration file.
In operation S230, a command issuing authority is assigned to the current user.
In operation S240, in the case where it is determined that the command issuing authority of the current user is in the activated state based on the level of the user issuing command, the operating system control is performed based on the command issued by the current user.
In the embodiment of the disclosure, the command issuing authority of the user is determined based on the user role information and the configuration file, the command issued by the user is initially controlled by utilizing the command issuing authority, and the user cannot override the command issuing to control the operating system.
In addition, the embodiment of the disclosure sets corresponding command issuing authority states for commands of different grades, and for some high-risk commands, the user needs to have corresponding command issuing authority states, and only when the command issuing authority, the command issuing authority states and the command grades are matched one by one, the control of the operating system can be realized through the commands, namely, the embodiment of the disclosure designates different issuing conditions for the commands of different grades.
For some high-risk instructions which are higher in level and possibly have great influence on configuration information of an operating system, the high-risk instructions can be issued only after the issuing conditions are met, the high-risk instructions issued by a user are further controlled by utilizing the command issuing authority state, the problem that the operating system is unstable due to the fact that the high-risk instructions are randomly issued can be avoided, and the stability and the safety of the operating system are effectively improved.
In the above step S220, determining, according to the configuration file, command issuing authority corresponding to the role information of the current user, including:
and determining command issuing authority corresponding to the user group where the current user is located according to the first identification.
Wherein the role information includes a first identifier for indicating a user group in which the current user is located.
In the embodiment of the disclosure, the user group where the user is located is determined by acquiring the role information of the user, the corresponding relation between the user group and the command issuing authority is determined based on the preset configuration file, and then the command issuing authority corresponding to the role information of the current user is determined based on the corresponding relation between the user group and the command issuing authority.
In an embodiment of the present disclosure, further includes: and determining the user group of the current user through the user position and the department to which the user belongs.
Fig. 3 schematically illustrates a flow chart of determining a user group in which a current user is located, according to an embodiment of the present disclosure.
As shown in fig. 3, the operating system command control method of this embodiment includes operations S310 to S320.
In operation S310, a group of users to be selected corresponding to the user position of the current user is determined according to the second identification.
In operation S320, a user group corresponding to both the department to which the user of the current user belongs and the user position is determined according to the third identification.
The second identifier is used for representing the position of the current user, and the third identifier is used for representing the department to which the current user belongs.
In the embodiment of the disclosure, for example, a department to which a certain user belongs is an application part, a job position is a monitoring person, and the department and the job position to which the user belongs are converted into corresponding character sequences based on a preset identification rule, so as to obtain a second identifier and a third identifier.
And then the second identifier and the third identifier are used for matching the corresponding user group for the user. When the user matches the corresponding user group, a first identifier comprising the user group representing the current user is issued for the user, and the first identifier is used for determining command issuing authority corresponding to the user group of the current user.
The embodiment of the disclosure uses the identification to replace the related information of the user and the user group, can effectively reduce the length of the character string, saves the storage resource and quickens the recognition speed. And the first identifier, the second identifier and the third identifier are character sequences obtained after the conversion of a preset identifier rule, so that the user information is effectively encrypted, the privacy safety of the user information is protected, and the potential safety hazards of user information leakage and command issuing by a pirate by utilizing the leaked user information are prevented.
In addition, the embodiment of the disclosure further discloses grading the operating system commands based on the command content, and dividing the operating system commands into a first grade command, a second grade command and a third grade command. The first level command is a command for modifying the configuration of the operating system, the second level command is a command for modifying the operation state, and the third level command is a command for viewing and displaying.
The following describes the embodiments of the present disclosure, wherein the first level commands in the operating system commands are shown in table 1:
TABLE 1
The second level commands in the operating system commands are shown in Table 2:
TABLE 2
Command Policy (PROFILE) name Meaning of
$C J JES2.CANCEL.BAT Canceling operation
The third level of commands in the operating system commands are shown in Table 3:
TABLE 3 Table 3
As can be seen from table 1, table 2 and table 3, the embodiments of the present disclosure divide commands into a first level, a second level and a third level according to the influence degree of the commands on the operating system. The first level of commands are high-risk commands that have a large impact on the configuration and status of the operating system, so that further supervision is required to avoid the high-risk commands being issued at will. The second level command is a command for canceling the operation in the current operating system, only affects the operation state, and does not affect the operating system, so that the risk of dividing the operation state into the second level command is smaller than that of dividing the operation state into the first level command. The third command is a low risk command that does not affect the stability of the operating system even if it is randomly issued, such as viewing and displaying, and therefore, no monitoring is required.
For different risk levels of the commands, the embodiments of the present disclosure further propose:
the command operation authority in the embodiment of the disclosure includes: system maintenance rights, application maintenance rights, and regular user rights. The system maintenance authority is used for issuing commands of any level, the application maintenance authority is used for issuing commands of a second level and a third level, and the conventional user authority is used for issuing commands of the third level.
Further, determining command issuing authority corresponding to the role information of the current user according to the configuration file includes:
determining that the command issuing authority corresponding to the role information of the current user is one of the following command issuing authorities according to the configuration file:
system maintenance rights, application maintenance rights, and regular user rights.
In the embodiment of the disclosure, different command issuing authorities are set for different command levels, so that subsequent monitoring is performed for different command levels, for example, the risk of a first level command is higher, and the stability of an operating system is easier to influence after issuing, so that strict monitoring is required, and the command cannot be issued at will. The third-level commands are low-risk commands such as checking and displaying, and even if the third-level commands are randomly issued, the third-level commands cannot influence an operating system, so that excessive monitoring is not needed. According to the embodiment of the disclosure, by setting different command levels and command issuing authorities, the flexible monitoring of issuing commands is realized, and system resources are saved.
In the above step S230, assigning command issuing authority to the current user includes:
the command issuing authority is assigned to the user group.
And the user group distributes command issuing authority to the users in the group according to the first identification.
In the embodiment of the disclosure, the preset configuration file includes a corresponding relationship between a first identifier in the user role information and the command issuing authority. And based on the corresponding relation, distributing the command issuing authority to the user group represented by the first identifier, and then distributing the command issuing authority to the users in the group by the user group.
In addition, assigning command issuing authority to the current user may further include: and reading a first identifier in the role information of the current user, and distributing command issuing authority to the current user based on the first identifier.
In the embodiment of the present disclosure, corresponding to the command issuing authority is a first identifier that identifies the user group in which the user is located, not the user itself. The disclosed embodiments allocate command issuing rights by allocating command issuing rights users to a first identity.
For a large-scale system, if the number of users is huge, if command issuing authority operation matching judgment is carried out on each user, the workload is overlarge, and because personnel in a large-scale enterprise flow frequently, correspondingly, the frequency of user change in the system is higher, a large amount of manpower and material resources are consumed no matter the user operation authority is given, changed or recovered, and the operation authority management inadequately caused by negligence is easy to occur because the number is too high.
The method for distributing the command issuing authority through the user group can effectively realize simple and convenient management of the user and the command issuing authority, effectively simplify the command issuing authority distribution flow, and realize quick distribution and management of the command issuing authority.
Embodiments of the present disclosure may further include: and deleting the first identifier in the role information of the user and the command issuing authority corresponding to the user group corresponding to the first identifier in response to the user exiting the user group.
For example, the department and job position of the user 1 are changed due to personnel variation, the changed user 1 exits from the current user group a, the user 1 exits from the user group a, the first identifier representing the user group a in the user role information is deleted, and accordingly, the user 1 does not have the command issuing authority corresponding to the first identifier because the first identifier representing the user group a is not included in the role information of the user 1. Further, the user 1 joins the user group B, and the role information of the user 1 includes a first identifier indicating the user group B, and at this time, the user 1 is assigned with command issuing authority corresponding to the first identifier representing the user group B.
According to the embodiment of the disclosure, the conversion of the command issuing authority of the user 1 is realized through the conversion of the first identifier, the issuing and recycling of the command issuing authority of the user are realized by taking the user group as a unit, the flexibility of the command issuing authority is improved, the distribution flow of the command issuing authority is simplified, and the maintenance and monitoring of the command issuing authority are facilitated.
In the above step S240, determining the command issuing authority of the current user based on the level of the command issued by the user includes:
a command level of a command issued by a current user is determined.
And under the condition that the command is the first-level command, determining that the command issuing authority of the current user is in an activated state.
In the embodiment of the disclosure, the corresponding relation between the command level and the command issuing authority state is preset, so that commands of different levels can be flexibly monitored. For example, if the command issued by the user is a first level command, it is further determined whether the state of the command issuing authority of the current user is an active state. Only when the user command issuing authority is in an activated state, the command can be executed to perform the operating system control.
Further, the embodiment of the disclosure can set different initial states for different command issuing authorities. For example, for the system maintenance authority that can issue the first level command, in order to further supervise the first level command having a high risk to avoid affecting the stability of the operating system because the first level command is easily issued, the initial state of the system maintenance authority may be set to inactive, that is, the system maintenance authority always remains in the inactive initial state, and in the case where the system maintenance authority state is inactive, the user cannot issue any instruction. For the application maintenance authority for issuing the second-level command and the third-level normal user authority, since the commands do not affect the stability of the operating system, the initial states of the application maintenance authority and the normal user authority can be set to be activated states so as to issue related commands at any time.
Further, the user can modify the system maintenance authority state by submitting a state modification application. The state modification application needs to include user information, a state modification reason and a state modification time. And the state of the system maintenance authority is converted from the unactivated initial state to the activated state corresponding to the approval of the state modification application. And when the state transition of the user is successful, starting the countdown of the current state based on the modification time in the state modification application, and automatically recovering the state of the system maintenance authority to be an unactivated initial state after the countdown is finished.
Further, in response to the state modification of the system maintenance authority, a log file of the state modification is saved, wherein the log file records the time of completing the state application, the approver and the state modification of the operation account and the time of recovering the initialization state. The state modification related information of the first account can be recorded through the log file, so that statistics and tracing are facilitated.
According to the embodiment of the disclosure, the initial state of the system maintenance authority is set to be the inactive state, so that further control on the first-level command is realized, and the first-level command is supervised from the two dimensions of the authority and the authority state. That is, even if the system maintenance authority is provided, the first level command cannot be used for operating system control at will, so that the issuing condition of the first level command is further limited, and the influence and loss on the operating system caused by the random issuing of the first level command are avoided. The user needs to modify the system maintenance authority state by submitting a state modification application, and only if the state of the system maintenance authority is modified to be an activated state, the operation system can be controlled through the first level command. And the first-level command is convenient to monitor, manage and count.
Based on the operating system command control method, the invention further provides an operating system command control device. The device will be described in detail below in connection with fig. 4.
Fig. 4 schematically shows a block diagram of the configuration of an operating system command control apparatus according to an embodiment of the present disclosure.
As shown in fig. 4, the operating system command control apparatus 400 of this embodiment includes an acquisition module 410, a determination module 420, an allocation module 430, and a control module 440.
The obtaining module 410 is configured to obtain role information of a current user and a configuration file corresponding to a command type of an operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system. In an embodiment, the obtaining module 410 may be configured to perform the operation S210 described above, which is not described herein.
The determining module 420 is configured to determine, according to the configuration file, a command issuing authority corresponding to role information of the current user. In an embodiment, the determining module 420 may be configured to perform the operation S220 described above, which is not described herein.
The allocation module 430 is configured to allocate command issuing rights to a current user. In an embodiment, the allocation module 430 may be configured to perform the operation S230 described above, which is not described herein.
The control module 440 is configured to perform operating system control based on the command issued by the current user, in a case where it is determined that the command issuing authority of the current user is in an activated state based on the level of the command issued by the user. In an embodiment, the control module 440 may be configured to perform the operation S240 described above, which is not described herein.
Any of the acquisition module 410, determination module 420, distribution module 430, and control module 440 may be combined in one module to be implemented, or any of them may be split into multiple modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 410, the determination module 420, the distribution module 430, and the control module 440 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the acquisition module 410, the determination module 420, the allocation module 430, and the control module 440 may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
Fig. 5 schematically illustrates a block diagram of an electronic device adapted to implement an operating system command control method according to an embodiment of the present disclosure.
As shown in fig. 5, an electronic device 500 according to an embodiment of the present disclosure includes a processor 501 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The processor 501 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 501 may also include on-board memory for caching purposes. The processor 501 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 503, various programs and data required for the operation of the electronic apparatus 500 are stored. The processor 501, ROM 502, and RAM 503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 502 and/or the RAM 503. Note that the program may be stored in one or more memories other than the ROM 502 and the RAM 503. The processor 501 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 500 may also include an input/output (I/O) interface 505, the input/output (I/O) interface 505 also being connected to the bus 504. The electronic device 500 may also include one or more of the following components connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 502 and/or RAM 503 and/or one or more memories other than ROM 502 and RAM 503 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the item recommendation method provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 501. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or installed from a removable medium 511 via the communication portion 509. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 501. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (12)

1. An operating system command control method, comprising:
acquiring role information of a current user and a configuration file corresponding to the command type of an operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of an operating system;
determining command issuing authority corresponding to the role information of the current user according to the configuration file;
distributing the command issuing authority to the current user;
and under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user, performing operation system control based on the command issued by the current user.
2. The operating system command control method according to claim 1, wherein the role information includes a first identifier for indicating a user group in which the current user is located, and the determining command issuing authority corresponding to the role information of the current user according to the configuration file includes:
and determining command issuing authority corresponding to the user group where the current user is located according to the first identifier.
3. The operating system command control method according to claim 2, wherein the user group of the current user is commonly determined by a second identifier for representing a position of the user and a third identifier for representing a department of the current user, and the commonly determining the user group of the current user according to the second identifier and the third identifier includes:
determining a user group to be selected corresponding to the user position of the current user according to the second identifier;
and determining a user group corresponding to the department to which the user of the current user belongs and the user position according to the third identifier.
4. The operating system command control method according to claim 1, further comprising:
grading the operating system commands based on command content;
the operating system commands are divided into a first-level command, a second-level command and a third-level command, wherein the first-level command is a command for modifying the configuration of the operating system, the second-level command is a command for modifying the operation state, and the third-level command is a command for viewing and displaying.
5. The operating system command control method according to claim 4, wherein the determining command issuing authority corresponding to the character information of the current user according to the configuration file further comprises:
determining that the command issuing authority corresponding to the role information of the current user is one of the following command issuing authorities according to the configuration file:
system maintenance rights, application maintenance rights, and conventional user rights;
the system maintenance authority is used for issuing commands of any level; the application maintenance authority is used for issuing second and third level commands; conventional user rights are used to issue third level commands.
6. The operating system command control method according to claim 1, said assigning the command issuing authority to a current user, comprising:
assigning the command issuing authority to a user group;
and the user group sequentially distributes command issuing authorities to users in the group according to the first identification.
7. The operating system command control method according to claim 5, further comprising:
and deleting the first identifier in the role information of the user and the command issuing authority corresponding to the user group corresponding to the first identifier in response to the user moving out of the user group.
8. The operating system command control method according to claim 7, wherein the determining the command issuing authority of the current user based on the level of the user issuing command includes:
determining a command level of a command issued by a current user;
and under the condition that the command is the first-level command, determining that the command issuing authority of the current user is in an activated state.
9. An operating system command control apparatus comprising:
the acquisition module is used for acquiring the role information of the current user and the configuration file corresponding to the command type of the operating system; the configuration file comprises a corresponding relation between user role information and command issuing authority of the operating system;
the determining module is used for determining command issuing authority corresponding to the role information of the current user according to the configuration file;
the distribution module is used for distributing command issuing authorities to current users;
and the control module is used for controlling the operating system based on the command issued by the current user under the condition that the command issuing authority of the current user is determined to be in an activated state based on the level of the command issued by the user.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-8.
12. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
CN202310698674.2A 2023-06-13 2023-06-13 Operating system command control method, device, equipment, medium and product Pending CN116756753A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310698674.2A CN116756753A (en) 2023-06-13 2023-06-13 Operating system command control method, device, equipment, medium and product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310698674.2A CN116756753A (en) 2023-06-13 2023-06-13 Operating system command control method, device, equipment, medium and product

Publications (1)

Publication Number Publication Date
CN116756753A true CN116756753A (en) 2023-09-15

Family

ID=87958353

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310698674.2A Pending CN116756753A (en) 2023-06-13 2023-06-13 Operating system command control method, device, equipment, medium and product

Country Status (1)

Country Link
CN (1) CN116756753A (en)

Similar Documents

Publication Publication Date Title
US20190097807A1 (en) Network access control based on distributed ledger
CN107392801B (en) Method and device for controlling order disorder, storage medium and electronic equipment
US11586687B2 (en) Apparatus, method and computer program for cloud scraping using pre-scraped big data
CN111770128B (en) Message management method and device
US20210295223A1 (en) Cognitive automation based vendor compliance system
CN117076280A (en) Policy generation method and device, electronic equipment and computer readable storage medium
CN110674426B (en) Webpage behavior reporting method and device
CN111210109A (en) Method and device for predicting user risk based on associated user and electronic equipment
CN116451938A (en) Task processing method and device, electronic equipment and storage medium
CN116756753A (en) Operating system command control method, device, equipment, medium and product
CN115760013A (en) Operation and maintenance model construction method and device, electronic equipment and storage medium
CN107612763B (en) Metadata management method, application server, service system, medium and controller
CN113609531A (en) Block chain based information interaction method, device, equipment, medium and product
CN112861037A (en) Data annotation method, device, system, electronic equipment and storage medium
CN116738459A (en) Operating system authority management method, device, equipment, medium and program product
KR20190130957A (en) Apparatus, method and computer program for cloud scrapping using pre-scrapped bigdata
CN110262756B (en) Method and device for caching data
CN114281828A (en) Method, device, equipment and medium for processing problem clue form
CN117176576A (en) Network resource changing method, device, equipment and storage medium
CN116775307A (en) Service processing method, device, equipment and storage medium
CN114528592A (en) Service processing method, device, equipment, medium and program product
CN114943100A (en) Data verification method, apparatus, device, medium, and program product
CN114218159A (en) Method, apparatus, device, medium and product for data management
CN116821251A (en) Data processing method, data processing device, electronic equipment and storage medium
CN117170805A (en) Batch job processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination