等效于Unix/Linux中的卷设备的createFile()和DeviceIoControl() [英] createFile() and DeviceIoControl() equivalent for volume devices in Unix/Linux
问题描述
我已打开卷USB设备并在Windows中使用CreateFile()和DeviceIoControl()锁定了.
I have opened volume USB device and locked using CreateFile() and DeviceIoControl() in Windows.
我想要在Linux/Unix系统上具有相同的功能.我是Unix的新手,那么如何获得它呢?
I want same functionality on Linux/Unix system. I am new to Unix So How to get it?
我的Windows代码:
My code for Windows :
HANDLE handle = CreateFile(L"\\\\.\\F:", // F: drive to open
GENERIC_READ, // no access to the drive
FILE_SHARE_READ, // share mode
NULL, // default security attributes
OPEN_EXISTING, // disposition
0x1, // file attributes
NULL); // do not copy file attributes
DWORD lpBytesReturned;
if (DeviceIoControl(handle, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &lpBytesReturned, (LPOVERLAPPED)NULL)){
printf("\n Lock SUCCESS !\n");
}
else {
printf("\n Lock Failed !\n");
}
语言:c/c ++
平台:Linux/Unix
platform: Linux/Unix
预先感谢.
推荐答案
Consider using Linux namespaces, for instance, Docker containers. That way, you can grant or limit access to system resources such as network cards, storage devices, etc.
例如,您有一个Web服务器和数据库服务器.您可以创建两个容器:一个用于Web服务器,另一个用于数据库.每个容器都有其自己的文件系统,或者确切地说,在文件系统(名称空间)上拥有 view .因此,Web服务器上的安全漏洞无法直接影响数据库,因为从Web服务器的文件系统中看不到数据库.而且,两个容器都具有单独的用户权限,因此具有root用户访问权限的Web管理员仍然无法破坏数据库.
For example, you have a web server and database server. You can create two containers: one for the webserver, and the second one for the database. Each of the containers has its own filesystem, or to be precise, own view on the filesystem (namespace). Therefore, a security breach on the webserver cannot directly affect databases because they are not seen from the webserver's filesystem. Moreover, both containers have separate user permissions, so the web admin with root access still cannot mess up the databases.
防止访问USB存储驱动器的方法相同:在主机系统上,可以将所有Docker容器的备份备份到USB驱动器,而由于USB存储设备不存在,这些容器无权访问备份为他们所有.
The same way you can prevent access to a USB storage drive: on the host system, you can make backups from all Docker containers to a USB drive while the containers have no access to the backups as the USB storage doesn't exist for them at all.
这篇关于等效于Unix/Linux中的卷设备的createFile()和DeviceIoControl()的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!