完全限制对文件夹的所有类型的访问 [英] Completely restricting all types of access to a folder

问题描述

我正在制作一个可可应用程序，它在用户环境中的指定位置创建一些文件夹。现在我想保护这些文件夹从任何类型的读，写，复制，拖动从所有类型的用户访问（即无法访问管理员和非管理员用户）。有一种方法来保护这些文件夹的任何类型的访问。
我们可以使用NSFileManager方法 -setAttributes：OfItemAtPath：error：
但是我不确定这个方法的属性字典。

I am making a cocoa application, which creates some folders at my specified location in the user's environment. Now i want to protect these folders from any type of read, write, copy, drag access from all type of users(i.e Not accessible for admin and non-admin users).Is there a way to protect these folders from any type of access. Can we use, NSFileManager method -setAttributes:OfItemAtPath:error: But i am not sure on attributes dictionary of this method.

基本上我想向用户提供一些文件的踪迹（让我们说1天的试用），并且一旦轨迹过期就删除这些文件，并且所有这些文件被放置在用户环境中的某个文件夹。

Basically i want to provide trail of some files to the user (let's say 1 day trial), and removing those files as soon as the trail expires, and all those files are placed inside a certain folder in the user's environment. What should be the best approach i should use to protect those files?

推荐答案

简短答案：不需要。有特权的人可以做任何事情。无权使用权限会获得您的权限，并允许您的应用程式存取这些档案。

Short answer: No. Someone with elevated privileges can do just about anything. No playing with permissions will get you there and still allow your application to access the files.

如果您可以关闭所有存取权限，自己的应用程序访问文件？打开访问权限本身就是访问权限...

更长的答案：也许。试图实现。你真的想要停止正在复制的文件，或者只是它们的内容被访问吗？

Longer answer: Maybe. This depends on what you are trying to achieve. Do you really want to stop the files being copied, or just their contents accessed?

加密可以用来保护内容（例如在文件级别，使用加密的sparsebundle图像等），将识别信息存储在文件中可以提醒您正在使用副本（例如，如果您移动/复制VMWare虚拟机或重新创建Google云端硬盘文件夹，会发生什么情况）等。

Encryption can be used to protect content (e.g. at the file level, using an encrypted sparsebundle image, etc.), storing identification information in a file can alert you that you’re using a copy (e.g. see what happens if you move/copy a VMWare virtual machine or recreate a Google Drive folder), etc.

你可以使用FUSE来实现自己的文件系统;并通过您自己的机制阻止复制，访问等，但是文件系统作为一个整体仍然可以被复制（即通过FUSE有效地实现您自己的等同于加密的sparsebundle并实现您自己的访问机制）。

And you can always implement your own filesystem using FUSE; and prevent copying, access, etc. by your own mechanism, however the filesystem as a whole could still be copied (i.e. effectively implement your own equivalent of an encrypted sparsebundle via FUSE and implement your own access mechanism).

你想达到什么？

What are you trying to achieve? If you spell that out folk might be able to suggest alternative solutions.

另请参阅此问题阻止root写入文件。

这篇关于完全限制对文件夹的所有类型的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！