The file access tests that the kernel performs each time

最新推荐文章于 2024-10-01 17:03:21 发布
转载 最新推荐文章于 2024-10-01 17:03:21 发布 · 553 阅读 · 0

本文详细介绍了操作系统内核如何根据文件所有者、进程的有效用户ID和组ID以及补充组ID来确定文件访问权限。具体步骤包括超级用户直接授权、文件所有者的权限检查、所属组的权限检查以及其他用户的权限检查。

The file access tests that the kernel performs each time a process opens, creates, or deletes a file depend on the owners of the file (st_uidand st_gid), the effective IDs of the process (effective user ID and effective group ID), and the supplementary group IDs of the process, if supported. The two owner IDs are properties of the file, whereas the two effective IDs and the supplementary group IDs are properties of the process. The tests performed by the kernel are as follows.

  1. If the effective user ID of the process is 0 (the superuser), access is allowed. This gives the superuser free rein throughout the entire file system.

  2. If the effective user ID of the process equals the owner ID of the file (i.e., the process owns the file), access is allowed if the appropriate user access permission bit is set. Otherwise, permission is denied. By appropriate access permission bit, we mean that if the process is opening the file for reading, the user-read bit must be on. If the process is opening the file for writing, the user-write bit must be on. If the process is executing the file, the user-execute bit must be on.

  3. If the effective group ID of the process or one of the supplementary group IDs of the process equals the group ID of the file, access is allowed if the appropriate group access permission bit is set. Otherwise, permission is denied.

  4. If the appropriate other access permission bit is set, access is allowed. Otherwise, permission is denied.

These four steps are tried in sequence. Note that if the process owns the file (step 2), access is granted or denied based only on the user access permissions; the group permissions are never looked at. Similarly, if the process does not own the file, but belongs to an appropriate group, access is granted or denied based only on the group access permissions; the other permissions are not looked at. 
notepi
关注
On the DMA Mapping Problem in Direct Device Assignment 配额映射-SYSTOR-2010
m0_52857523的博客
12-07 1450
On the DMA Mapping Problem in Direct Device Assignment ABSTRACT I/O intensive workloads running in virtual machines can suffer massive performance degradation. Direct assignment of I/O devices to virtual machines is the best performing I/O virtualization m
强大的socat工具,可创建虚拟串口、在串口/网口间转发数据等,基本上无所不能的工具
哦,原来你也在这里。
01-20 2126
socat,一个强大的工具,串口工具
C#使用Create创建文件后,报The Process cannot access the file because it is being used by another process的异常
热门推荐
灰太狼的博客
09-27 4万+
<br />今天使用File.Create("dddd.txt");后,打开这个文件时报The Process cannot access the file because it is being used by another process的异常。在网上找到解决方法如下:<br />File.Create("dddd").Close();<br />如果不Close(),那么这个文件一直被创建进程占着,直到创建进程被关闭。
0821-069 ping: sendto: The file access permissions do not allow the specified action.
u010692693的专栏
04-07 6240
AIX ping其他服务器时出现以下报错 0821-069 ping: sendto: The file access permissions do not allow the specified action. 其他服务器ping不通AIX http://www.aixchina.net/Article/24765 smitty à1.Communicatio
nexus3.1 迁移之后,启动报错“Lock file access denied”解决办法
The magic of fingertips
04-16 3579
错误日志 Java HotSpot(TM) 64-Bit Server VM warning: Cannot open file /nexus-data/log/jvm.log due to Permission denied Warning: Cannot open log file: /nexus-data/log/jvm.log Warning: Forcing option -XX:...
File Access Permissions(4.5)
diaoqi5743的博客
10-07 221
The three categories in Figure 4.6read, write, and execute are used in various ways by different functions. We'll summarize them here, and return to them when we describe the actual functions...
The Performance of µ-Kernel-Based Systems
wdjjwb的专栏
03-13 3418
Hermann Härtig - Michael Hohmuth - Jochen Liedtke* - Sebastian Schönberg - Jean Wolter Dresden University of Technology Department of Computer Science D-01062 Dresden, Germany email: l4-linux@os.inf.t...
The linux-kernel mailing list FAQ
走南闯北的专栏
09-25 2万+
The linux-kernel mailing list FAQ
Hacking the PS4, part 1
龙哥盟
03-18 4万+
Hacking the PS4, part 1Introduction to PS4’s security, and userland ROP From: Cturt Note: This article is part of a 3 part series: Hacking the PS4, part 1 - Introduction to PS4’s security, and userla
Exploring Heap-Based Buffer Overflows with the Application Verifier
lixiangminghate的专栏
04-16 1394
转自:http://blogs.cisco.com/security/exploring_heap-based_buffer_overflows_with_the_application_verifier Isolating the root cause of a heap-based buffer overflow can be tricky at best. Thankfully,
a project model for the FreeBSD Project.7z
08-21
This, combined with the vast amount of dependencies in the kernel and that it is not easy to see all the consequences of a kernel change, demands developers with a relative full understanding of the ...
linux文件安全策略
android移动设备
01-04 1960
以下对linux文件安全策略做一下总结,常读有益提高英文水平,呵呵。  Permissions(权限) The effect of setting the permissions on a directory (rather than a file) is "one of the most frequently misunderstood file permission issues" (Ha
CS3214 Fall 2024 Project 1 - “Customizable Shell”R
ishytynt的博客
10-01 729
EventProcessstopped?Processdead?Userstopsfgpro-WIFSTOPPEDSIGTSTPyesnoUserstopsprocesswithstop(cush)orkillSTOPbashWIFSTOPPEDSIGSTOPyesnoWIFSTOPPEDSIGTTOUorSIGT-TINyesnoprocessexitsviaexit()
基于Python3615环境实现国密SM2椭圆曲线非对称加密算法与数字签名完整流程的演示与验证项目_包含密钥生成模块加密签名模块解密验证模块的完整实验流程通过generater.zip
12-28
基于Python3615环境实现国密SM2椭圆曲线非对称加密算法与数字签名完整流程的演示与验证项目_包含密钥生成模块加密签名模块解密验证模块的完整实验流程通过generater.zip
上海市建筑轮廓带高度属性矢量SHP数据合集wgs84坐标系(非OSM).zip
最新发布
12-28
上海市建筑轮廓带高度属性矢量SHP数据合集wgs84坐标系(非OSM).zip
341107631_1766844767rT2PMi.xlsx
12-28
341107631_1766844767rT2PMi.xlsx
No tests found in the selected file or folde!
08-06
在处理测试用例时,如果遇到 **"No tests found in the selected file or folder"** 的提示,通常意味着测试运行器未能识别出指定文件或目录中的测试用例。以下是常见的原因及解决方法: ### 1. 测试类或方法未正确命名 许多测试框架(如 JUnit、pytest、unittest)依赖特定的命名约定来识别测试用例。例如: - **JUnit (Java)** 要求测试类以 `Test` 结尾,或使用 `@Test` 注解标记方法。 - **pytest (Python)** 要求测试函数以 `test_` 开头,测试类以 `Test` 开头且不带 `__init__` 方法。 ```python # 示例:符合 pytest 命名规范的测试函数 def test_addition(): assert 1 + 1 == 2 ``` ### 2. 测试文件未放置在正确的目录中 根据项目结构,测试代码应与生产代码分离,并放置在专门的目录中。例如: - **Maven/Java** 项目通常将测试代码放在 `src/test/java`。 - **Python** 项目通常将测试文件放在 `tests/` 或 `test_*.py` 文件中。 确保测试运行器配置正确,能够扫描到这些目录[^1]。 ### 3. 测试框架未正确配置 确保项目中已安装并配置了相应的测试框架。例如: - **Pytest** 需要安装 `pytest` 包,并在 `pytest.ini` 中配置搜索路径。 - **JUnit** 需要添加 `junit-platform-runner` 和 `junit-jupiter-api` 依赖。 ```bash # 安装 pytest pip install pytest ``` ### 4. IDE 缓存问题 有时 IDE(如 PyCharm、IntelliJ IDEA、VS Code)可能未能正确识别测试文件,导致提示未找到测试用例。尝试以下操作: - **刷新项目索引**:在 IDE 中重新加载项目。 - **重新配置测试运行器**:在设置中指定正确的测试框架。 - **清除缓存并重启 IDE**。 ### 5. 使用命令行运行测试 如果 IDE 无法识别测试,尝试使用命令行运行测试,以确认是否为 IDE 问题: ```bash # 使用 pytest 运行所有测试 pytest # 使用 unittest 运行特定测试文件 python -m unittest tests/test_example.py ``` ### 6. 检查测试文件是否被忽略 某些项目使用 `.gitignore` 或 `.pytest_cache/` 等机制排除测试文件,确保测试文件未被意外忽略。 ---
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值