CN102546664A - User and authority management method and system for distributed file system - Google Patents
- Publication number: CN102546664A
- Authority
- CN
- China
- Prior art keywords
- user
- server
- authority
- data block
- file
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a user and permission management method for a distributed file system. The method comprises the following steps: first, the metadata server verifies the user's identity to judge whether it is legitimate; next, the metadata server verifies the operation permission of a legitimate user to judge whether the user has the corresponding operation permission for the file requested; if so, it sends a permission confirmation notice regarding the user to the data block server; the data block server then verifies the operation request from the client against the information in the received permission confirmation notice and processes operation requests that come from a legitimate user and are allowed by the metadata server. By verifying these three items, the method ensures the legitimacy of the users who access the distributed file system and of their operations, and at the same time prevents illegitimate users who bypass the metadata server's authentication from directly stealing or damaging the contents of the data block server.
Description
Technical field
The present invention relates to the field of computer system security, and in particular to the security of distributed file systems.
Background art
In a distributed file system (Distributed File System), the physical storage resources managed by the file system are distributed over multiple nodes connected by a computer network. A distributed file system is based on the client/server model and comprises a client side and a server side; the server side comprises a metadata server (Meta Server) and data block servers (Chunk Server). The data block servers store the actual data of files. The metadata server is the central node of the distributed file system: it stores the metadata of files, including information such as file size, creation date and the location where the file data is stored, and it also coordinates the data block servers to keep their load balanced.
In a distributed file system, concurrent multi-user access to files is controlled mainly through the following forms of access permission:
1) read-only sharing: any user can only access the file and cannot modify it;
2) controlled write: multiple users may open a file, but only one user may write modifications, and the modifications made by that user do not necessarily appear on the screens of the other users who have the file open;
3) concurrent write: multiple users may read and write a file at the same time; this requires the operating system to do a large amount of monitoring to prevent the file from being overwritten and to ensure that users see the latest information.
For security reasons, different users should have different operation permissions on different files, so for a distributed file system a sound and effective user and permission management method is key to ensuring its security. Existing user and permission management methods for distributed file systems fall into two kinds. The first relies on the user and permission management of a traditional file system: the metadata server records the read/write permissions of users and groups in specific fields of the file. It does not address the security problems that arise from the characteristics of a distributed file system itself. Once someone bypasses the permission management of the metadata server by some means and connects directly to a data block server to copy or destroy data, the existing user permission management method has no defensive measure. The second kind, which is now more widely used, judges user permissions in the application and does not involve user and permission management in the distributed file system itself. Although it is effective, it is detached from the distributed file system and cannot fundamentally solve the security problem of the distributed file system.
Summary of the invention
Therefore, the object of the invention is to overcome the above defects of the prior art and to provide a user and permission management method for a distributed file system that ensures the security of the distributed file system.
In one aspect, the invention provides a user and permission management method for a distributed file system, the distributed file system comprising a client, a metadata server and a data block server, the method comprising:
Step a) on receiving a user's file access request from the client, the metadata server judges whether the user has the corresponding operation permission for the file requested;
Step b) for a request that has the operation permission, a permission confirmation notice for the user is sent to the data block server, and the metadata information related to the file requested is returned to the client;
Step c) the client sends an operation request to the data block server according to the metadata information obtained;
Step d) the data block server verifies the client's operation request against the information in the received permission confirmation notice, and processes operation requests that come from a legitimate user and are allowed by the metadata server.
The method may also include, before step a), a step in which the metadata server verifies the user's identity on receiving the user's login request, to judge whether the user's identity is legitimate.
In the method, step b) may also include the data block server sending a reply to the metadata server after it receives the permission confirmation notice.
In the method, step b) may also include the metadata server waiting for the reply to the permission confirmation notice from the data block server; if the reply is received, the metadata information related to the file requested is returned to the client; if no reply is received after waiting for a period of time, the permission confirmation notice is sent to other data block servers that hold the file the user has requested.
In the method, step b) may also include a step in which the data block server verifies the permission confirmation notice, to confirm that the notice really comes from the metadata server.
In another aspect, the invention provides a distributed file system comprising a client, a metadata server and a data block server, wherein the metadata server comprises a user operation permission verification module, used to judge, on receiving a user access request from the client, whether the user has the corresponding operation permission for the file requested; if so, it sends a permission confirmation notice for the user to the data block server and returns the metadata information related to the file requested to the client;
The data block server comprises an access permission verification module, used to verify the client's operation request against the information in the received permission confirmation notice, and to process operation requests that come from this user and are allowed by the metadata server.
In the system, the metadata server may also include a user identity verification module, used to verify the user's identity on receiving the user's login request, to judge whether the user's identity is legitimate.
In the system, the access permission verification module may also be used to send a reply to the metadata server after receiving the permission confirmation notice.
In the system, the user operation permission verification module may also be used to wait for the reply to the permission confirmation notice from the data block server; if the reply is received, the metadata information related to the file requested is returned to the client; if no reply is received after waiting for a period of time, the permission confirmation notice is sent to other data block servers that hold the file the user has requested.
In the system, the access permission verification module may also be used to verify the permission confirmation notice, to confirm that the notice really comes from the metadata server.
Compared with the prior art, the advantages of the invention are as follows:
The metadata server verifies the user's identity and the operation permission of a legitimate user. If a request from a legitimate user has the corresponding operation permission for the file requested, the metadata server sends a permission confirmation notice for this user to the data block server. The data block server verifies operation requests from the client against the information in the received permission confirmation notice, and processes operation requests that come from a legitimate user and are allowed by the metadata server. In this way, the method ensures the legitimacy of the users who access the distributed file system and of their operations, and at the same time prevents illegitimate users who bypass the metadata server's authentication from directly stealing or destroying the contents of the data block server.
Brief description of the drawings
The embodiments of the invention are described further below with reference to the accompanying drawings, in which:
Fig. 1 is an architecture diagram of a distributed file system;
Fig. 2 is a schematic flowchart of the user and permission management method for a distributed file system according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the architecture of the distributed file system according to an embodiment of the invention;
Fig. 4 is a schematic diagram of a user accessing the distributed file system according to an embodiment of the invention.
Detailed description of the embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is explained in further detail below through specific embodiments with reference to the accompanying drawings. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
For ease of understanding, the relevant background on distributed file systems is briefly introduced before the embodiments of the invention.
Fig. 1 is an architecture diagram of a distributed file system. As shown in Fig. 1, the distributed file system mainly comprises a metadata server, data block servers and clients, which are connected to one another through switches and routers. The function of each component is described below.
(1) Metadata server
In a distributed file system, the metadata server (Meta Server) stores metadata information. The metadata mainly comprises the basic information describing the files and folders of the file system and the basic information of the data blocks. This metadata is kept in the memory of the metadata server and can be stored in a B+ tree data structure; as the number of files grows, the B+ tree structure guarantees that the tree always stays balanced. The metadata about a file or folder mainly includes the file/folder type, the number of data block copies, creation time, modification time, user information, group information, the permissions of the file or folder, and the mapping from the file to its data blocks. The metadata about a data block mainly includes the physical storage location of the data block, the data block identifier, version information, and the offset within the file. The metadata server is the core of the distributed file system. On the one hand, it maintains the metadata of the whole distributed file system. On the other hand, it maintains the normal operation of the system, including for example file locks, the garbage collection mechanism, replication and migration of data blocks between data block servers, access control, and load balancing of the data block servers.
(2) Data block server
The data block server (Chunk Server) stores the data content of files; file content is divided into fixed-size data blocks that are stored on the data block servers. In addition, to guarantee the reliability and fault tolerance of the distributed file system, each data block can be replicated in multiple copies kept on different data block servers; the whole process is carried out under the control of the metadata server.
(3) Client
The distributed file system client provides the user with the file system interface and an API (Application Programming Interface). The user interacts with the distributed file system through the interface the client provides.
When a user wants to access a file stored in the distributed system, the client first interacts with the metadata server to obtain the metadata related to the file, including file metadata and data block metadata. Using this metadata, for example the mapping between the file and its data blocks and the physical storage locations of the data blocks, the client can interact directly with the data block servers to perform operations on the file. In effect, control operations on the file are carried out by interacting with the metadata server, and access to the file data is carried out by interacting directly with the data block servers, but the whole interaction is transparent to the user.
As the above access process shows, the security of existing distributed file systems themselves is very low. In one case, the system assumes that every accessing user is legitimate; that is, it does not itself judge whether the user is legitimate but relies on the application layer to do so, and any user request that has passed the application layer's check is treated as a legitimate access request. In the other case, the metadata server performs a degree of permission management: when the metadata server receives a user's access request, it uses the recorded access permission information to judge whether the user has the right to access, and if not, it does not provide the related metadata to the client. But if someone bypasses the metadata server, or obtains the relevant metadata held on the metadata server by some means, they can interact directly with the data block servers and copy or destroy data.
Fig. 2 shows a schematic flowchart of the user and permission management method for a distributed file system according to one embodiment of the invention. In this method, the metadata server verifies the access request from the user (that is, the user's file access request) to judge whether the user has the corresponding operation permission for the file requested; if so, it sends a permission confirmation notice for this user to the data block server and returns the metadata information related to the file requested to the client; the client then sends an operation request to the data block server according to the metadata information obtained; finally, the data block server verifies the client's operation request against the information in the received permission confirmation notice, and processes operation requests that come from this user and are allowed by the metadata server.
Optionally, before accessing the distributed file system, the user can first send a login request to the metadata server, and the metadata server verifies the user's identity to judge whether it is legitimate; the metadata server then verifies the access request from this user to judge whether the user has the corresponding operation permission for the file requested. Finally, the data block server verifies the client's operation request against the information in the received permission confirmation notice, and processes operation requests that come from a legitimate user and are allowed by the metadata server. This avoids relying entirely on the application layer to judge whether the user's identity is legitimate and improves the security of the distributed file system.
The verification in the above steps both ensures the legitimacy of the users who access the distributed file system and of their operations, and prevents illegitimate users who bypass the metadata server's authentication from directly stealing or destroying the contents of the data block server.
More specifically, as shown in Fig. 2, the method mainly comprises the following steps:
Step 201), the metadata server judges whether the user's identity is legitimate.
In one embodiment, the user can log in before accessing the distributed file system, and the metadata server judges from the authentication information the user enters, for example a user name and password, whether the user has a legitimate identity. For example, a list of legitimate users and groups can be created and stored on the metadata server to hold the legitimate users, user groups and corresponding user passwords of the distributed file system, where the user passwords can be stored as ciphertext. The file's owner, user group ID and user permission value can also be added to the file's metadata; the access permissions of a file comprise the read-only sharing permission, the controlled write permission and the shared write permission.
The metadata server obtains the user name and password from the user's login request and checks whether the user name exists in the list of legitimate users and groups. If the user name does not exist, it returns an error message saying the user name does not exist; if it exists, the password recorded for the user name in the list is compared with the password obtained, and if they match the user's identity is authenticated, otherwise a password error message is returned.
Step 202), the metadata server allows the legitimate user to log in and sets up a session for this user.
For a user with a legitimate identity, the metadata server allows the login, sets up a session for the user and marks the session as legitimate, so that the user is allowed to carry out subsequent operations on files; otherwise it returns an error message to the user.
Step 203), when a legitimate user accesses a file, an access request is sent to the metadata server, and the metadata server judges whether the user has the operation permission for the file.
On receiving the user's access request, the metadata server uses the user's identity and the metadata it reads for the file to judge whether the user has the operation permission for the file, that is, whether the access request is legal. If it is illegal, the metadata server refuses to let the user perform the operation and returns an error message; if it is legal, the following steps are carried out. Access requests for files can be divided into two basic operation types: read-file requests and write-file requests.
Whether the user has the operation permission for the file is decided according to the following cases:
The file is a read-only shared file, the user has the read permission and makes a read-file request: the operation is legal;
The file is a read-only shared file, the user has the read permission and makes a write-file request: the operation is illegal;
The file is a controlled-write file, the user has the read permission and makes a read-file request: the operation is legal;
The file is a controlled-write file, the user has only the read permission and makes a write-file request: the operation is illegal;
The file is a controlled-write file, the user has the write permission and makes a write-file request: if no user with the same write permission is currently writing the file, the operation is legal;
The file is a controlled-write file, the user has the write permission and makes a write-file request: if a user with the same write permission is currently writing the file, the operation is illegal;
The file is a shared-write file, the user has the read permission and makes a read-file request: the operation is legal;
The file is a shared-write file, the user has only the read permission and makes a write-file request: the operation is illegal;
The file is a shared-write file, the user has the write permission and makes a write-file request: the operation is legal.
Step 204), the metadata server sends a user permission confirmation notice to the data block server to confirm that this user has the corresponding operation permission for the file; the data block server updates its access permission list after receiving the notice.
The permission confirmation notice contains user information (for example, the user ID), this user's operation permission information for files (for example, which files the user is allowed to read or write), and so on. In one embodiment, after receiving the permission confirmation notice from the metadata server, the data block server uses the relevant information in the notice, for example the user information and the user's operation permission information for the file, to update the data block server's access permission list. This access permission list records user information together with information about the data blocks the user may access.
In another embodiment, after receiving the permission confirmation notice from the metadata server, the data block server can also send the metadata server a reply to the notice; this reply indicates that the data block server is in a normal state. After the metadata server receives the reply from the data block server, it sends the metadata information to the client application. If the metadata server has waited for a period of time and has still not received a reply from the data block server, it uses the metadata information to send the permission confirmation notice to other data block servers that hold the file the user wants to access.
Step 205), the metadata server sends the metadata information related to the file to be accessed to the client.
Step 206), the client sends an operation request to the data block server based on the metadata information obtained; the data block server verifies this operation request and processes the operation requests that a legitimate user is allowed to make.
When the data block server receives an operation request from the client, it first looks up whether this user's information is present in the access permission list; if not, it refuses the user's access request. If the user is present, it judges whether the operation request matches the operation permission recorded for this user in the access permission list; if it matches, the data block contents requested are returned, otherwise the access request is refused.
Step 207), after the user has finished operating on the file, the user exits the distributed file system and the session is closed.
As stated above, step 201) and step 202) are optional. In other embodiments, the application layer can be relied on to judge whether the user's identity is legitimate.
In the above method, when a client accesses a data block server, the data block server uses the permission confirmation information from the metadata server to verify whether the operation is an allowed operation from a legitimate user, which prevents a client from accessing the data block server directly without the metadata server's permission.
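Steps 203) to 206) as an added Python sketch, not code from the patent: the metadata server applies the legal/illegal cases, sends the notice to a data block server that replies, and the data block server serves only what a received notice confirms. All class and function names, the in-memory structures, the per-user permission sets used in place of owner and group fields, and the `online` flag that models a missing reply are assumptions of this example.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"
READ_ONLY, CONTROLLED_WRITE, SHARED_WRITE = "read-only", "controlled", "shared"


@dataclass(frozen=True)
class Notice:
    """Permission confirmation notice: user, file and the confirmed operation."""
    user: str
    file_id: str
    op: str


class ChunkServer:
    def __init__(self, online=True):
        self.online = online
        self.acl = {}       # access permission list: user -> {(file_id, op)}
        self.blocks = {}    # file_id -> stored bytes

    def receive_notice(self, notice):
        """Step 204: record the notice and reply; False models a missing reply."""
        if not self.online:
            return False
        self.acl.setdefault(notice.user, set()).add((notice.file_id, notice.op))
        return True

    def handle(self, user, file_id, op, data=None):
        """Step 206: serve only operations confirmed by a received notice."""
        if user not in self.acl:
            raise PermissionError("user not in access permission list")
        if (file_id, op) not in self.acl[user]:
            raise PermissionError("operation not confirmed by metadata server")
        if op == WRITE:
            self.blocks[file_id] = data
        return self.blocks.get(file_id)


class MetadataServer:
    def __init__(self, chunk_servers):
        self.chunk_servers = chunk_servers    # name -> ChunkServer
        self.files = {}                       # file_id -> metadata

    def add_file(self, file_id, mode, perms, replicas):
        self.files[file_id] = dict(mode=mode, perms=perms, replicas=replicas, writer=None)

    def authorize(self, user, file_id, op):
        """Step 203: the legal/illegal cases listed in the description."""
        meta = self.files[file_id]
        if op not in meta["perms"].get(user, set()):
            return False
        if op == READ or meta["mode"] == SHARED_WRITE:
            return True
        if meta["mode"] == CONTROLLED_WRITE:
            # Assumption: the current writer may repeat its own request.
            return meta["writer"] in (None, user)
        return False    # write to a read-only shared file

    def access(self, user, file_id, op):
        """Steps 203-205: name of the chunk server that replied, or None."""
        if not self.authorize(user, file_id, op):
            return None    # refused: no notice is sent, no metadata returned
        meta = self.files[file_id]
        for name in meta["replicas"]:    # no reply: try another server holding the file
            if self.chunk_servers[name].receive_notice(Notice(user, file_id, op)):
                if op == WRITE and meta["mode"] == CONTROLLED_WRITE:
                    meta["writer"] = user
                return name
        return None


def attempt(server, user, file_id, op, data=None):
    """Client call to a chunk server; a refusal is returned as text."""
    try:
        return server.handle(user, file_id, op, data)
    except PermissionError as exc:
        return "refused: " + str(exc)


def demo():
    """Constructed scenario modelled on the write walk-through for Fig. 4."""
    cs1, cs2 = ChunkServer(online=False), ChunkServer()
    cs2.blocks["F"] = b"contents of F"
    meta = MetadataServer({"cs1": cs1, "cs2": cs2})
    perms = {"A": {READ, WRITE}, "B": {READ, WRITE}, "C": set()}
    meta.add_file("F", CONTROLLED_WRITE, perms, ["cs1", "cs2"])
    out = {"A_location": meta.access("A", "F", WRITE),    # cs1 silent, cs2 replies
           "B_write": meta.access("B", "F", WRITE),       # A is already writing
           "C_read": meta.access("C", "F", READ)}         # C has no permission
    out["C_direct"] = attempt(cs2, "C", "F", READ)        # C skips the metadata server
    out["A_read"] = attempt(cs2, "A", "F", READ)          # A was confirmed for write only
    out["A_write"] = attempt(cs2, "A", "F", WRITE, b"new contents")
    return out


if __name__ == "__main__":
    print(demo())
```

The description does not say when an entry is removed from the data block server's list, so this sketch never removes one; the write lock is likewise never released because closing the session (step 207) is not modelled.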
In another embodiment, the method also includes a step in which the data block server verifies the permission confirmation notice, to confirm that the notice really comes from the metadata server. For example, when the metadata server sends the permission confirmation notice, it can encrypt it with its own private key. After receiving the notice, the data block server decrypts it with the metadata server's public key; if it decrypts correctly, this shows that the permission confirmation notice comes from the metadata server. As another example, in other embodiments the access permission list of the data block server can include fields such as the file number, the file's owner, the user group ID and the user permission value. When the permission list maintained by the metadata server is updated, the metadata server can send an update notice to the data block server; the data block server returns a random number of length 16; the metadata server encrypts the random number it receives using the file permission control field as the key and sends it to the data block server together with fields such as the file number, the file's owner and the user group ID; the data block server then updates the corresponding fields. In this way, when the data block server receives a permission confirmation notice sent by the metadata server, it first looks up the corresponding entry in the access permission list it maintains and compares this user's permission information with the record. If the permission is correct, it accepts the metadata server's notice; if it differs, the operation is regarded as illegal. The benefit of doing so is that it prevents an illegitimate user from tampering with the permission confirmation notice and thereby threatening the security of the data.
Fig. 3 shows a schematic diagram of the architecture of the distributed file system according to one embodiment of the invention. Here, the metadata server also comprises a user identity verification module and a user operation permission verification module, and the data block server also comprises an access permission verification module. The user identity verification module is used to judge whether the user's identity is legitimate. The user operation permission verification module is used to judge whether the user has the corresponding operation permission for the file requested, that is, to verify the operation permission of a legitimate user; if so, it sends a permission confirmation notice for this user to the data block server and returns the metadata information related to the file requested to the client. The access permission verification module is used to verify the client's operation request against the information in the received permission confirmation notice, and to process operation requests that come from a legitimate user and are allowed by the metadata server.
According to one embodiment of the invention, the metadata server also comprises a user and permission management list module, used to hold and maintain the list of legitimate users of the distributed file system and the list of users' operation permissions for files. The list of legitimate users holds the legitimate users, user groups and corresponding user passwords of the distributed file system, where the user passwords are stored as ciphertext. This module also adds the file's owner, user group ID and user operation permission to the metadata related to the file; the user operation permissions comprise the read-only sharing permission, the controlled write permission and the shared write permission. The access permission verification module is also used to manage and maintain the access permission list on the data block server according to the permission confirmation notices received; the access permission list holds user information, the user's operation permission information for files, and so on.
More specifically, a user accesses the distributed file system shown in Fig. 3 through the client as follows. First the client sends a login request to the metadata server; the login request contains the user's authentication information, for example a user name and password. The user identity verification module on the metadata server verifies whether this user's identity is legitimate against the user name and password held in the list of legitimate users. The metadata server returns the verification result to the user. For a user with a legitimate identity, the metadata server allows the login and marks the session as legitimate, allowing subsequent operations on files; otherwise it returns an error message to the user.
Client can be divided into read operation and write operation to the action type of file; Request for read operation; At first transmit operation Authority Verification information is to meta data server for client, and said operating right authorization information can comprise ID, the file identification that will visit and the action type that will carry out this document or the like.Meta data server judges that the user name of the client of current sessions is a validated user then; Read the metadata information of its file that will visit, and use the authority setting value of this document and the user and the group information of file, verify whether this user has read right to this document; If allow to carry out read operation; Then the data block metamessage with this document sends to client, and sending permission confirms to notify the data block server, and this user has operating right to corresponding document with announcement data block server; Otherwise the Authority Verification failure is returned error message and is given client.
To the request of written document, similar with above-mentioned proof procedure, client at first transmit operation Authority Verification information arrives meta data server; Judge by meta data server whether this user has corresponding operating right to the file that will visit then; For example whether can carry out write operation to the file of ask visit, if can, metadata information that then will be relevant with this document (the data block metamessage corresponding with this document) turns back to client; Otherwise, return error message and give client.
After client is received metadata information; Send operation requests to the data block server, the access authority verification module on the data block server verifies through the information of preserving in the list of access rights whether this operation is the operation that is allowed to from validated user, if; Then it is handled; Otherwise refusal should be operated, and returned error message.
In addition, in order to improve reliability, meta data server can receive from the data block server authority is confirmed replying of notice after, again the metadata information relevant with file to be visited returned to client.After the data block server receives that authority is confirmed notice, send to meta data server immediately this authority is confirmed replying of notice, be in normal condition to show this data block server.But after if meta data server waits for a period of time, still do not receive from the replying of data block server, then can confirm notice to data block server sending permission that other comprise file to be visited according to metadata information.
To improve security, the data block server can verify the authority confirmation notice to confirm that it truly comes from the metadata server. The benefit is that illegitimate users are prevented from tampering with the authority confirmation notice and so threatening the security of the data.
Of course, the user can also send a request to modify a file's authority to the metadata server through the client. The process is similar to that of a write request, except that the client does not need to communicate with the data block server; all modifications can be completed on the metadata server.
Fig. 4 is a schematic diagram of users accessing the distributed file system described above. For example, suppose that users in user group 1 have shared read authority for file F, and that users in user group 2 have no right to operate on file F. Legitimate user A of user group 1 logs in and sends a read-file request to the metadata server. The metadata server verifies that this is a legal operation, returns the data block meta-information for file F, and sends an authority confirmation notice to the data block server. The client connects to the data block server and requests the corresponding file information; the data block server judges from the access rights list that the request is an operation from a legitimate user that the metadata server has allowed, and returns the corresponding file information to the client. Legitimate user B of user group 2 then attempts to read file F. After B sends a read-file request to the metadata server, the metadata server judges from the user's authority that the operation is illegal, refuses user B's read operation, and returns a message that the read operation cannot be performed.
As a further example, suppose that users in user group 1 and user group 2 have limited write authority for file F. Legitimate user A of user group 1 logs in and sends a request to write file F to the metadata server. The metadata server queries its list: this user has write authority for the file, and no other user is writing the file at this moment, so the operation is verified as legal. The metadata server returns the data block meta-information for file F to the client and sends an authority confirmation notice to the data block server. The client connects to the data block server and, after verification by the data block server, obtains the corresponding file information and sends the data blocks to be written to the data block server. While user A is writing the file, legitimate user B of user group 2 attempts to write file F. After B sends its request to the metadata server, the metadata server verifies that this user has write authority, but file F is currently being written by user A. The metadata server therefore judges the operation illegal, refuses user B's write operation, and returns a message that the write operation cannot be performed.
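The flow described above, in which the metadata server decides and the data block server enforces only what an authenticated notice allows, can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 shared key, the 30-second notice lifetime and all class and function names are assumptions, since the text does not say how a notice is authenticated or when it lapses. The sample ACL merges the two Fig. 4 scenarios (group 1 may read and write F, group 2 may only write it).

```python
import hashlib
import hmac
import json

TTL = 30  # assumption: a notice stays valid for 30 s; the page sets no lifetime


def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class MetadataServer:
    def __init__(self, key, groups, acl):
        self.key, self.groups, self.acl = key, groups, acl
        self.writers = {}  # file -> user currently writing (release not modelled)

    def authorize(self, user, file_id, op, now):
        """Return (body, tag) of an authority confirmation notice, or None."""
        group = self.groups.get(user)
        if group is None:
            return None  # not a legitimate user
        if op not in self.acl.get(file_id, {}).get(group, set()):
            return None  # the user's group lacks this right on the file
        if op == "write":
            if self.writers.setdefault(file_id, user) != user:
                return None  # another user is already writing the file
        body = json.dumps({"user": user, "file": file_id, "op": op,
                           "exp": now + TTL}, sort_keys=True).encode()
        return body, sign(self.key, body)


class DataBlockServer:
    def __init__(self, key):
        self.key = key
        self.permits = {}  # access rights list: (user, file, op) -> expiry

    def receive_notice(self, body, tag):
        """Accept a notice only if it truly comes from the metadata server."""
        if not hmac.compare_digest(sign(self.key, body), tag):
            return False  # forged or tampered notice: nothing is recorded
        n = json.loads(body)
        self.permits[(n["user"], n["file"], n["op"])] = n["exp"]
        return True  # stands in for the reply sent back to the metadata server

    def handle(self, user, file_id, op, now):
        """Serve a client request only if an unexpired entry covers it."""
        exp = self.permits.get((user, file_id, op))
        return exp is not None and now <= exp


def demo():
    key = b"constructed-shared-key"  # constructed sample secret
    groups = {"A": "group1", "B": "group2"}
    acl = {"F": {"group1": {"read", "write"}, "group2": {"write"}}}
    mds, dbs = MetadataServer(key, groups, acl), DataBlockServer(key)
    out = {}

    notice = mds.authorize("A", "F", "read", now=100)
    out["A_read"] = dbs.receive_notice(*notice) and dbs.handle("A", "F", "read", 101)
    out["B_read_authorized"] = mds.authorize("B", "F", "read", now=100) is not None
    # B skips the metadata server and contacts the data block server directly.
    out["B_read_bypass"] = dbs.handle("B", "F", "read", 101)

    # A's notice is altered to name B; the MAC no longer matches the body.
    body, tag = notice
    forged = body.replace(b'"user": "A"', b'"user": "B"')
    out["forged_notice"] = dbs.receive_notice(forged, tag)

    out["A_write"] = mds.authorize("A", "F", "write", now=100) is not None
    out["B_write_while_A_writes"] = mds.authorize("B", "F", "write", now=100) is not None
    out["A_read_after_expiry"] = dbs.handle("A", "F", "read", 100 + TTL + 1)
    return out
```

Because the data block server serves nothing that lacks an entry in its access rights list, a client that never obtained authorization from the metadata server is refused even when it already knows where the data blocks are stored.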
Although the present invention has been described through preferred embodiments, it is not limited to the embodiments described here and also includes various changes and variations made without departing from the scope of the invention.
Claims (10)
1. A user and authority management method for a distributed file system, the distributed file system comprising a client, a metadata server and a data block server, the method comprising:
Step a) on receiving a user's file access request from the client, judging, by the metadata server, whether the user has the corresponding operation authority for the requested file;
Step b) for a request that has operation authority, sending an authority confirmation notice for the user to the data block server, and returning the metadata information for the requested file to the client;
Step c) sending, by the client, an operation request to the data block server according to the metadata information obtained;
Step d) verifying, by the data block server, the client's operation request based on the information in the received authority confirmation notice, and processing operation requests that come from a legitimate user and are allowed by the metadata server.
2. The method according to claim 1, further comprising, before step a), a step in which the metadata server, on receiving a user login request, verifies the user identity to judge whether the user identity is legitimate.
3. The method according to claim 1, further comprising, in step b), the data block server sending a reply to the metadata server after receiving the authority confirmation notice.
4. The method according to claim 3, further comprising, in step b), the metadata server waiting for the data block server's reply to the authority confirmation notice; if the reply is received, returning the metadata information for the requested file to the client; if no reply is received after waiting for a period of time, sending the authority confirmation notice to other data block servers that hold the file the user has requested.
5. The method according to claim 1 or 4, further comprising, in step b), a step in which the data block server verifies the authority confirmation notice from the metadata server, to confirm that the notice truly comes from the metadata server.
6. A distributed file system comprising a client, a metadata server and a data block server, wherein the metadata server comprises a user operation authority verification module which, on receiving a user access request from the client, judges whether the user has the corresponding operation authority for the requested file and, if so, sends an authority confirmation notice for the user to the data block server and returns the metadata information for the requested file to the client;
the data block server comprises an access authority verification module which verifies the client's operation request based on the information in the received authority confirmation notice, and processes operation requests that come from this user and are allowed by the metadata server.
7. The system according to claim 6, wherein the metadata server further comprises a user identity verification module which, on receiving a user login request, verifies the user identity to judge whether the user identity is legitimate.
8. The system according to claim 6, wherein the access authority verification module is further used to send a reply to the metadata server after receiving the authority confirmation notice.
9. The system according to claim 8, wherein the user operation authority verification module is further used to wait for the data block server's reply to the authority confirmation notice; if the reply is received, it returns the metadata information for the requested file to the client; if no reply is received after waiting for a period of time, it sends the authority confirmation notice to other data block servers that hold the file the user has requested.
10. The system according to claim 6 or 9, wherein the access authority verification module is further used to verify the authority confirmation notice from the metadata server, to confirm that the notice truly comes from the metadata server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012100478211A CN102546664A (en) | 2012-02-27 | 2012-02-27 | User and authority management method and system for distributed file system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102546664A true CN102546664A (en) | 2012-07-04 |
Family
ID=46352622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012100478211A Pending CN102546664A (en) | 2012-02-27 | 2012-02-27 | User and authority management method and system for distributed file system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102546664A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6732178B1 (en) * | 1997-08-28 | 2004-05-04 | Cisco Technology, Inc. | Forced network portal |
CN101217571A (en) * | 2008-01-18 | 2008-07-09 | 清华大学 | Write/read document operation method applied in multi-copy data grid system |
CN101534295A (en) * | 2009-04-08 | 2009-09-16 | 哈尔滨工程大学 | Storage method of architecture based on object storage system |
CN101605137A (en) * | 2009-07-10 | 2009-12-16 | 中国科学技术大学 | Safe distribution file system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20120704 |