如何在Windows中控制文件访问? [英] How to control file access in Windows?
问题描述
Go提供了> $code> os.Chmod() 用于设置文件和目录权限。例如,如果我要确保文件只能由当前用户访问,则可以执行以下操作:
Go provides os.Chmod()
for setting file and directory permissions. For example, if I want to ensure a file is accessible only to the current user, I can do the following:
os.Chmod("somefile.txt", 0600)
这在Linux上很好用,但在Windows上却什么也没做。在深入研究Go源代码之后,我遇到了其实现。似乎唯一支持的属性是 S_IWRITE
。
This works great on Linux but does absolutely nothing on Windows. After digging into the Go source code, I came across its implementation. It seems like S_IWRITE
is the only attribute supported.
如何在Windows上控制对文件或目录的访问
How do I control access to a file or directory on Windows using Go?
推荐答案
说明
Windows不使用传统的Unix权限。 Windows而是通过访问控制。每个对象都有一个 ACL(访问控制列表) * 来控制对对象的访问。
Explanation
Windows does not use traditional Unix permissions. Instead, Windows controls access to files and directories through access control. Each object has an ACL (Access Control List)* which controls access to the object.
每个ACL基本上是确定访问哪些访问权限的ACE(访问控制项) 授予特定的受托者(用户,组等)。例如,文件可能包含ACE,该ACE授予特定用户对该文件的读取访问权限( GENERIC_READ
)。
Each ACL is basically a list of ACEs (Access Control Entries) which determine what access a specific trustee (user, group, etc.) is granted. For example, a file may contain an ACE granting a specific user read access (GENERIC_READ
) to the file.
通过操作ACL和ACE Windows API中的授权功能。
*从技术上讲,每个对象都有两个ACL-DACL和SACL
感谢,不必学习所有这些功能。我整理了一个名为 go-acl的小型Go程序包,它可以完成所有繁重的工作-lifting并公开一个名为(还有什么?) Chmod
的函数。基本用法如下:
Thankfully, learning all of these functions isn't necessary. I've put together a small Go package named "go-acl" that does all of the heavy-lifting and exposes a function named (what else?) Chmod
. Basic usage is as follows:
import "github.com/hectane/go-acl"
err := acl.Chmod("C:\\path\\to\\file.txt", 0755)
if err != nil {
panic(err)
}
结果
Chmod()
函数在文件的ACL中创建三个ACE:
Results
The Chmod()
function creates three ACEs in the file's ACL:
- 一位所有者(
WinCreatorOwnerSid
) - 一个用于组(
WinCreatorGroupSid
) - 一个用于其他组(
WinWorldSid
)
- one for the owner (
WinCreatorOwnerSid
) - one for the group (
WinCreatorGroupSid
) - one for everyone else (
WinWorldSid
)
这篇关于如何在Windows中控制文件访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!