bash - How do I use the linux flock command to prevent another root process from deleting a file?

Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use or share it you must follow the same CC BY-SA license, cite the original address and attribute it to the original authors (not me): StackOverflow, original question: http://stackoverflow.com/questions/1040828/

Date: 2020-09-09 18:17:29  Source: igfitidea


Tags: linux, bash, file-locking, flock

Asked by Danmaxis

I would like to prevent one of my root processes from deleting a certain file. So I came across the flock command, it seems to fit my need, but I didn't get its syntax.


If I only indicate a shared lock, it doesn't work:


flock -s "./file.xml"

If I add a timeout parameter, it still doesn't work:


flock -s -w5 "./file.xml"

It seems that way, it fits in the flock [-sxun][-w #] fd# way. (What is this fd# parameter?)


So, I tried:


flock [-sxon][-w #] file [-c] command

Using flock -s -w5 "./file.xml" -c "tail -3 ./file.xml" and it worked: the tail command on ./file.xml was executed.


But I would like to know, does the lock end after the command or does it last 5 seconds after the end of the command execution? My main question is, how can I prevent another root process from deleting a file in linux?


Answered by MarkR

No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or in the case of a shared lock, prevent another process using an exclusive one).


It doesn't stop root, or anyone else, from reading, writing or deleting the file.


In any case, even if it was a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked not the directory entry.

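An added example (not code from the question or any of the answers) that checks the three points above in a POSIX shell, assuming util-linux flock and a writable temp directory: a held flock refuses a second flock caller, rm still unlinks the locked file, and the open descriptor still reads the inode afterwards.

```shell
#!/bin/sh
# Added example: shows what flock(1) does and does not protect.
# Assumes util-linux flock and mktemp; file names below are constructed.

# Creates a sample file, takes an exclusive flock on it via fd 9, then:
#   1. checks that a second flock caller (-n, non-blocking) is refused,
#   2. checks that rm still removes the directory entry despite the lock,
#   3. checks that the locked inode is still readable through the open fd.
# Prints one word per check; returns 0 only if all three behave as described.
flock_is_advisory() {
    local dir file content result
    dir=$(mktemp -d) || return 2
    file="$dir/file.xml"
    printf '<config/>\n' > "$file"
    result=0
    {
        flock -x 9 || result=2          # exclusive advisory lock on fd 9

        # 1. Another flock on the same file is blocked (exit status 1 with -n).
        if flock -n -x "$file" -c true 2>/dev/null; then
            echo "other-flock-succeeded"; result=1
        else
            echo "other-flock-blocked"
        fi

        # 2. The lock does not stop unlink: rm removes the directory entry.
        if rm "$file" 2>/dev/null && [ ! -e "$file" ]; then
            echo "rm-succeeded"
        else
            echo "rm-failed"; result=1
        fi

        # 3. The lock and our fd refer to the inode, which is still readable.
        content=$(cat <&9)
        if [ "$content" = "<config/>" ]; then
            echo "inode-still-open"
        else
            echo "inode-gone"; result=1
        fi
    } 9<"$file"
    rm -rf "$dir"
    return "$result"
}

if flock_is_advisory; then echo "all checks behaved as described"; else echo "unexpected status $?"; fi
```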

Answered by kSiR

sudo chattr +i ./file.xml


MarkR is correct; chattr'ing the file will prevent it from being deleted:


-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2135] --> sudo chattr +i junk.txt
[sudo] password for risk: 
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2136] --> sudo rm ./junk.txt 
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2137] --> sudo rm -f ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm -f ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2138] --> 

Answered by Rory

flock is not the right tool for this job. If you have a programme that is deleting files, you should not run that programme as root. You should run it as a different user. Unix has very good support for file permissions, but root is a god account. Root can do everything, and there are no permissions for root.
