How can I use the Linux flock command to prevent another root process from deleting a file?

Posted on 2024-07-25 04:59:18 | 586 characters | 7 views | 0 comments

I would like to prevent one of my root processes from deleting a certain file. So I came across the flock command, it seems to fit my need, but I didn't get its syntax.

If I only indicate a shared lock, it doesn't work:

flock -s "./file.xml"

If I add a timeout parameter, it still doesn't work:

flock -s -w5 "./file.xml"

It seems that way, it fits in flock [-sxun][-w #] fd# way.
(What is this fd# parameter?)

So, I tried:

flock [-sxon][-w #] file [-c] command

Using flock -s -w5 "./file.xml" -c "tail -3 ./file.xml" and it worked, tail command at ./file.xml was executed.

But I would like to know, does the lock end after the command or does it last 5 seconds after the end of the command execution? My main question is, how can I prevent another root process from deleting a file in linux?


Comments (3)

茶底世界 2024-08-01 04:59:18

No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or in the case of a shared lock, prevent another process using an exclusive one).

It doesn't stop root, or anyone else, from reading, writing or deleting the file.

In any case, even if it was a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked not the directory entry.
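An added example (not part of the original question or answers): a bash script that shows the advisory behaviour described above, and also what the `fd#` form is and when the lock ends. It assumes util-linux `flock`; the temp paths, descriptor 9 and the `flock_demo` name are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added demo: flock(1) locks are advisory. All paths are constructed in a temp dir.

flock_demo() {
    local dir file holder contender rm_result after
    command -v flock >/dev/null || return 1
    dir=$(mktemp -d) || return 1
    file="$dir/file.xml"
    echo '<doc/>' > "$file"

    # fd form ("flock fd#"): the subshell opens the file on descriptor 9,
    # locks that descriptor, and holds the lock until the subshell exits.
    (
        flock -x 9
        touch "$dir/ready"
        while [ ! -e "$dir/done" ]; do sleep 0.1; done
    ) 9<"$file" &
    holder=$!
    while [ ! -e "$dir/ready" ]; do sleep 0.1; done

    # A cooperating process that also calls flock is refused (-n: fail, do not wait).
    if flock -n -s "$file" -c true; then contender=granted; else contender=refused; fi

    # A process that never calls flock is unaffected: the unlink succeeds.
    if rm "$file" && [ ! -e "$file" ]; then rm_result=deleted; else rm_result=kept; fi

    touch "$dir/done"
    wait "$holder"

    # File form: the lock is dropped as soon as the command exits. -w 5 only
    # bounds how long flock waits to acquire the lock.
    echo '<doc/>' > "$file"
    flock -s -w 5 "$file" -c "tail -3 '$file' >/dev/null"
    if flock -n -x "$file" -c true; then after=released; else after=held; fi

    rm -rf "$dir"
    echo "contender=$contender rm=$rm_result after=$after"
}

flock_demo
```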

友欢 2024-08-01 04:59:18

sudo chattr +i ./file.xml

MarkR is correct, chattr'ing the file will prevent it from being deleted:

-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2135] --> sudo chattr +i junk.txt
[sudo] password for risk: 
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2136] --> sudo rm ./junk.txt 
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2137] --> sudo rm -f ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm -f ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2138] --> 

旧人九事 2024-08-01 04:59:18

flock is not the right tool for this job. If you have a programme that is deleting files, you should not run that programme as root. You should run it as a different user. Unix has very good support for file permissions, but root is a god account. Root can do everything, and there are no permissions for root.
