尊龙凯时人生就是搏

ÔõÑùÔÚLinuxÉÏÉèÖûùÓÚ½ÇÉ«µÄ»á¼û¿ØÖÆ£¨RBAC£©

ÔõÑùÔÚlinuxÉÏÉèÖûùÓÚ½ÇÉ«µÄ»á¼û¿ØÖÆ£¨rbac£©

СÐò£º

ÔÚ¶àÓû§ÇéÐÎÏ£¬È·±£ÏµÍ³Çå¾²ÐÔºÍÊý¾ÝµÄÒþ˽ÐÔ³ÉΪһÏîÖ÷ҪʹÃü¡£¶øÔÚLinuxϵͳÖУ¬½ÇɫΪ»ù´¡µÄ»á¼û¿ØÖÆ£¨Role-Based Access Control£¬¼ò³ÆRBAC£©±»ÆÕ±é½ÓÄÉÀ´ÖÎÀíÓû§È¨ÏÞºÍ×ÊÔ´»á¼û¡£±¾ÎĽ«ÏÈÈÝÔõÑùÔÚLinuxϵͳÉÏÉèÖÃRBAC£¬²¢ÌṩһЩ´úÂëʾÀýÀ´×ÊÖú¶ÁÕ߸üºÃµØÃ÷ȷʵÏÖÀú³Ì¡£

µÚÒ»²½£º×°ÖÃÐëÒªµÄÈí¼þ°ü

Ê×ÏÈ£¬ÎÒÃÇÐèҪװÖÃÐëÒªµÄÈí¼þ°üÒÔÆôÓÃRBAC¹¦Ð§¡£Ê¹ÓÃÒÔÏÂÏÂÁîÔÚLinuxϵͳÉÏ×°ÖÃSELinux£¨Security Enhanced Linux£©ºÍPAM£¨Pluggable Authentication Modules£©£º

sudo apt-get install selinux pam

µÇ¼ºó¸´ÖÆ

Íê³É×°Öúó£¬ÎÒÃÇ¿ÉÒÔ¼ÌÐø¾ÙÐÐÏÂÒ»²½²Ù×÷¡£

µÚ¶þ²½£º½¨ÉèÓû§ºÍ½ÇÉ«

ÔÚLinuxϵͳÖУ¬Ã¿¸öÓû§¿ÉÒÔ±»·ÖÅɵ½Ò»¸ö»ò¶à¸ö½ÇÉ«¡£ÎÒÃÇ¿ÉÒÔʹÓÃadduserÏÂÁÉèÐÂÓû§£¬²¢Ê¹ÓÃusermodÏÂÁÓû§Ìí¼Óµ½ÏìÓ¦µÄ½ÇÉ«ÖС£

sudo adduser user1
sudo usermod -aG role1 user1

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖУ¬ÎÒÃǽ¨ÉèÁËÒ»¸öÃûΪuser1µÄÐÂÓû§£¬²¢½«ÆäÌí¼Óµ½ÃûΪrole1µÄ½ÇÉ«ÖС£Äã¿ÉÒÔƾ֤×Ô¼ºµÄÐèÇó½¨Éè¸ü¶àµÄÓû§ºÍ½ÇÉ«¡£

µÚÈý²½£ºÉèÖýÇÉ«Õ½ÂÔÎļþ

½ÇÉ«Õ½ÂÔÎļþ½ç˵ÁËÿ¸ö½ÇÉ«µÄȨÏÞºÍ×ÊÔ´»á¼ûÕ½ÂÔ¡£ÎÒÃÇ¿ÉÒÔʹÓÃÎı¾±à¼­Æ÷·­¿ª/etc/selinux/policy.confÎļþ£¬²¢Ìí¼Ó½ÇÉ«Õ½ÂÔ¡£

sudo nano /etc/selinux/policy.conf

µÇ¼ºó¸´ÖÆ

ÔÚÎļþĩβÌí¼ÓÒÔÏÂÄÚÈÝ£º

role role1 types type1, type2, type3

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖУ¬ÎÒÃǽç˵ÁËÃûΪrole1µÄ½ÇÉ«£¬ÒÔ¼°½ÇÉ«¿ÉÒÔ»á¼ûµÄ×ÊÔ´ÀàÐÍ¡£

µÚËIJ½£ºÉèÖÃPAMÄ£¿é

PAMÄ£¿éÊÇÒ»¸ö¿É²å°ÎµÄÉí·ÝÑé֤ģ¿é£¬ÓÃÓÚ¶ÔÓû§¾ÙÐÐÉí·ÝÑéÖ¤ºÍÊÚȨ¡£ÎÒÃÇ¿ÉÒÔʹÓÃÎı¾±à¼­Æ÷·­¿ª/etc/pam.d/common-authÎļþ£¬²¢Ìí¼ÓPAMÄ£¿éÉèÖá£

sudo nano /etc/pam.d/common-auth

µÇ¼ºó¸´ÖÆ

ÔÚÎļþ¿ªÍ·Ìí¼ÓÒÔÏÂÄÚÈÝ£º

auth [success=done new_authtok_reqd=ok default=ignore] pam_selinux_permit.so
auth required pam_deny.so

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖУ¬ÎÒÃÇʹÓÃpam_selinux_permit.soÄ£¿éÔÊÐíSELinuxÉèÖûá¼ûȨÏÞ£¬²¢Ê¹ÓÃpam_deny.soÄ£¿éեȡ¶Ô²»¾ß±¸»á¼ûȨÏÞµÄÓû§¾ÙÐÐÊÚȨ¡£

µÚÎå²½£ºÖØÆôϵͳ

Íê³ÉÉÏÊöÉèÖúó£¬ÎÒÃÇÐèÒªÖØÆôLinuxϵͳÒÔʹRBACÉèÖÃÉúЧ¡£

sudo reboot

µÇ¼ºó¸´ÖÆ

ÖØÆôºó£¬RBAC¹¦Ð§½«±»ÆôÓã¬Óû§½«Æ¾Ö¤ÆäËùÊô½ÇÉ«µÄ»á¼ûȨÏÞ¾ÙÐÐÊÚȨ¡£

´úÂëʾÀý£º

ÒÔÏÂÊÇÒ»¸ö¼òÆÓµÄRBAC´úÂëʾÀý£¬ÓÃÓÚÑÝʾÔõÑùʹÓÃRBACÉèÖÃÓû§È¨ÏÞ¿ØÖÆ¡£

import os

def check_access(user, resource):
    output = os.system("id -Z")
    if user in output and resource in allowed_resources:
        return True
    else:
        return False

user = "user1"
allowed_resources = ["file1", "file2", "file3"]

if check_access(user, "file2"):
    print("Óû§ÓÐȨÏÞ»á¼û×ÊÔ´")
else:
    print("Óû§ÎÞȨÏÞ»á¼û×ÊÔ´")

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖУ¬check_accessº¯ÊýÓÃÓÚ¼ì²éÓû§ÊÇ·ñ¾ßÓлá¼û×ÊÔ´µÄȨÏÞ¡£ÈôÊÇÓû§ÔÚÖ¸¶¨µÄ½ÇÉ«ÖУ¬²¢ÇÒËùÐè×ÊÔ´ÔÚÔÊÐí»á¼ûµÄ×ÊÔ´ÁбíÖУ¬Ôòº¯Êý·µ»ØTrue£¬²»È»·µ»ØFalse¡£

½áÂÛ£º

ͨ¹ýÉèÖûùÓÚ½ÇÉ«µÄ»á¼û¿ØÖÆ£¨RBAC£©£¬ÎÒÃÇ¿ÉÒÔ¸üºÃµØÖÎÀíÓû§È¨ÏÞºÍ×ÊÔ´»á¼û£¬²¢Ìá¸ßϵͳµÄÇå¾²ÐÔºÍÊý¾ÝµÄÒþ˽ÐÔ¡£ÔÚ±¾ÎÄÖУ¬ÎÒÃÇÏÈÈÝÁËÔÚLinuxϵͳÉÏÉèÖÃRBACµÄ°ì·¨£¬²¢ÌṩÁËÒ»¸ö¼òÆӵĴúÂëʾÀýÀ´×ÊÖú¶ÁÕ߸üºÃµØÃ÷ȷʵÏÖÀú³Ì¡£¶ÁÕß¿ÉÒÔƾ֤×Ô¼ºµÄÐèÇóÀ´À©Õ¹ºÍÐÞ¸ÄRBACÉèÖã¬ÒÔʵÏÖ¸ü׼ȷµÄȨÏÞ¿ØÖÆ¡£

ÒÔÉϾÍÊÇÔõÑùÔÚLinuxÉÏÉèÖûùÓÚ½ÇÉ«µÄ»á¼û¿ØÖÆ£¨RBAC£©µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í尊龙凯时人生就是搏ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ尊龙凯时人生就是搏ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ尊龙凯时人生就是搏

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
sitemap¡¢ÍøÕ¾µØͼ