SlideShare a Scribd company logo

File Management & Access Control

Download as PPTX, PDF
Y
YuvrajWadavale

Unit-6.pptx File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control File Management & Access Control

Engineering
1 of 81
File Management & Access Control Unit-6
File Concept • Contiguous logical address space • Types: • Data • numeric • character • binary • Program • Contents defined by file’s creator • Many types • Consider text file, source file, executable file
File Attributes • Name – only information kept in human-readable form • Identifier – unique tag (number) identifies file within file system • Type – needed for systems that support different types • Location – pointer to file location on device • Size – current file size • Protection – controls who can do reading, writing, executing • Time, date, and user identification – data for protection, security, and usage monitoring • Information about files are kept in the directory structure, which is maintained on the disk • Many variations, including extended file attributes such as file checksum • Information kept in the directory structure
File info Window on Mac OS X
File Operations • File is an abstract data type • Create • Write – at write pointer location • Read – at read pointer location • Reposition within file – seek(directory searched for the appropriate entry & the current file position pointer is repositioned to a given value.This does not require any I/0.) • Delete • Truncate(user erase the contents but keep its attributes) • Open(Fi) – search the directory structure on disk for entry Fi, and move the content of entry to memory • Close (Fi) – move the content of entry Fi in memory to directory structure on disk
Open Files • Several pieces of data are needed to manage open files: • Open-file table: tracks open files • File pointer: pointer to last read/write location, per process that has the file open • File-open count: counter of number of times a file is open – to allow removal of data from open-file table when last processes closes it • Disk location of the file: cache of data access information • Access rights: per-process access mode information
Open File Locking • Provided by some operating systems and file systems • Similar to reader-writer locks • Shared lock similar to reader lock – several processes can acquire concurrently • Exclusive lock similar to writer lock-only one process at a time can acquire such a lock. • Mediates access to a file
File Locking • Locks can also be Mandatory or advisory • Mandatory – If a lock is mandatory, then once a process acquires an exclusive lock, the operating system will prevent any other process from accessing the locked file. Eg . assume a process acquires an exclusive lock on the file system.log. If we attempt to open system.log from another process-for example, a text editor—the operating system will prevent access until the exclusive lock is released. This occurs even if the text editor is not written explicitly to acquire the lock. (OS ensures locking integrity) • Advisory – if the lock is advisory, then the operating system will not prevent the text editor from acquiring access to system.log. Rather, the text editor must be written so that it manually acquires the lock before accessing the file. Processes can find status of locks and decide what to do(developers ensure locks are appropriately acquired & released)
File Types – Name, Extension
Directory Structure • A collection of nodes containing information about all files F 1 F 2 F 3 F 4 F n Directory Files Both the directory structure and the files reside on disk
Disk Structure • Disk can be subdivided into partitions • Disks or partitions can be RAID protected against failure • Disk or partition can be used raw – without a file system, or formatted with a file system • Partitions also known as minidisks, slices • Entity containing file system known as a volume • Each volume containing file system also tracks that file system’s info in device directory or volume table of contents • As well as general-purpose file systems there are many special-purpose file systems, frequently all within the same operating system or computer
A Typical File-system Organization
Operations Performed on Directory • Search for a file • Create a file • Delete a file • List a directory • Rename a file • Traverse the file system
Directory Organization • Efficiency – locating a file quickly • Naming – convenient to users • Two users can have same name for different files • The same file can have several different names • Grouping – logical grouping of files by properties, (e.g., all Java programs, all games, …) The directory is organized logically to obtain
File System Mounting Just as a file must be opened before it is used, a file system must be mounted before it can be available to processes on the system. The operating system is given the name of the device and the mount point—the location within the file structure where the file system is to be attached. Typically, a mount point is an empty directory. For instance, on a UNIX system, a file system containing a user’s home directories might be mounted as /home then, to access the directory structure within that file system, we could precede the directory names with /home, as in /home/jane.
File System Implementation
File System File systems provide efficient and convenient access to the disk by allowing data to be stored, located, and retrieved easily.
Layered File System
File System Layers • I/O Control - manage I/O devices at the I/O control layer • Its input consists of high level commands such as retrieve block 123 • Its output will be low-level hardware specific commands to hardware controller, which interfaces the I/O device to the rest of the system • Basic file system needs only to issue generic commands to the appropriate device driver to read & write physical blocks on the disk. • Given commands like “read drive1, cylinder 72, track 2, sector 10, into memory location 1060” • Also manages memory buffers and caches (allocation, freeing, replacement) • Buffers hold data in transit • Caches hold frequently used data • File organization module understands files, logical address, and physical blocks ● Translates logical block # to physical block # ● Manages free space, disk allocation
File System Layers (Cont.) • Logical file system manages metadata information • Translates file name into file number, file handle, location by maintaining file control blocks (inodes in UNIX) • Directory management • Protection • Layering useful for reducing complexity and redundancy, but adds overhead and can decrease performance. Translates file name into file number, file handle, location by maintaining file control blocks (inodes in UNIX) • Logical layers can be implemented by any coding method according to OS designer
File-System Implementation Two types of structures used-On-disk and in-memory structures 1)On-disk Structures • Boot control block contains info needed by system to boot OS from that volume • Needed if volume contains OS, usually first block of volume • Volume control block (superblock, master file table) contains volume details • Total # of blocks, # of free blocks, block size, free block pointers or array • Directory structure organizes the files • Names and inode numbers, master file table
File-System Implementation (Cont.) • Per-file File Control Block (FCB) contains many details about the file • inode number, permissions, size, dates • It has a unique identifier number to allow association with a directory entry • NTFS stores into in master file table using relational DB structures
Other Structures used for file system implementation In-memory structures used: An in-memory mount table contains information about each mounted volume. In-memory directory structure holds the directory information of recently accessed directories The system-wide open-file table contains a copy of the FCB of each open file, as well as other information. The per-process open-file table contains a pointer to the appropriate entry in the system-wide open-file table, as well as other information. Buffers hold file-system blocks when they are being read from disk or written to disk.
Creating New File To create a new file, an application program calls the logical file system. The logical file system knows the format of the directory structures. To create a new file, it allocates a new FCB. The system then reads the appropriate directory into memory, updates it with the new file name and FCB, and writes it back to the disk. File Control Block (FCB) contains many details about the file inode number, permissions, size, dates
Reading File The open() call passes a file name to the logical file system. The open() system call first searches the system-wide open-file table to see if the file is already in use by another process. If it is, a per-process open-file table entry is created pointing to the existing system-wide open-file table. If the file is not already open, the directory structure is searched for the given file name. Parts of the directory structure are usually cached in memory to speed directory operations. Once the file is found, the FCB is copied into a system-wide open-file table in memory. This table not only stores the FCB but also tracks the number of processes that have the file open.
File -Read
Types of Access Methods for Files • Sequential • Direct • And other access methods
Sequential Access ⮚ Most common operations on Files -Read -Write ⮚ File Pointer Whenever a file is opened for READ/WRITE operation on a file , a file pointer is maintained to keep track of the current position in the file
Operations • Sequential Access read next(reads the next portion of file & automatically advances file pointer,which tracks the I/O location. write next (appends to the end of the file & advances to the end of the newly written material reset-reset to the begining
Direct Access Direct Access – file is fixed length logical records read n write n Alternative approach- position to n read next write next rewrite n n = relative block number • Relative block numbers allow OS to decide where file should be placed.
Other Access Methods • Can be built on top of base methods • Generally involve creation of an index for the file • The index, similar to the index of the book ,contains pointers to the various blocks • Keep index in memory for fast determination of location of data to be operated on • If too large, index (in memory) of the index (on disk) • IBM indexed sequential-access method (ISAM) • Small master index, points to disk blocks of secondary index • File kept sorted on a defined key • All done by the OS
Example of Index and Relative Files
Partitions and Mounting • Partition can be a volume containing a file system (“cooked”) or raw – just a sequence of blocks with no file system • Boot information can be stored in a separate partition • Boot information is generally a series of blocks loaded as an image to memory • Boot block can point to boot volume or boot loader set of blocks that contain enough code to know how to load the kernel • Or a boot management program for multi-os booting • Root partition contains the OS, other partitions can hold other Oses, other file systems, or be raw • Mounted at boot time • Other partitions can mount automatically or manually • At mount time, file system consistency checked • Is all metadata correct? • If not, fix it, try again • If yes, add to mount table, allow access
Directory Implementation • Linear list of file names with pointer to the data blocks • Simple to program • Time-consuming to execute • Linear search time • Could keep ordered alphabetically via linked list or use B+ tree • Hash Table – linear list with hash data structure • Decreases directory search time • Collisions – situations where two file names hash to the same location • Only good if entries are fixed size, or use chained- overflow method
Directory Implementation Linear List: Linear list of file names with pointer to the data blocks To create a new file, we must first search the directory to be sure that no existing file has the same name. Then, we add a new entry at the end of the directory. To delete a file,we search the directory for the named file and then release the space allocated to it. To reuse the directory entry, we can do one of several things. We can mark the entry as unused (by assigning it a special name, such as an all-blank name, or by including a used– unused bit in each entry), or we can attach it to a list of free directory entries. A third alternative is to copy the last entry in the directory into the freed location and to decrease the length of the directory. A linked list can also be used to decrease the time required to delete a file. Advantage & disadvantage Simple to program Time-consuming to execute Linear search time Could keep ordered alphabetically via linked list or use B+ tree
Allocation Methods - Contiguous • An allocation method refers to how disk blocks are allocated for files: • Contiguous allocation – each file occupies set of contiguous blocks • Best performance in most cases • Simple – only starting location (block #) and length (number of blocks) are required • Problems include finding space for file, knowing file size, external fragmentation, need for compaction off-line (downtime) or on-line
Hash Table A linear list stores the directory entries, but a hash data structure is also used. The hash table takes a value computed from the file name and returns a pointer to the filename in the linear list. Therefore, it can greatly decrease the directory search time. Decreases directory search time Collisions – situations where two file names hash to the same location Only good if entries are fixed size, or use chained-overflow method
Allocation Methods How to allocate space to these files so that disk space is utilized effectively and files can be accessed quickly. Three major methods of allocating disk space are in wide use: contiguous, linked, and indexed. Continious Allocation Contiguous allocation requires that each file occupy a set of contiguous blocks on the disk. Disk addresses define a linear ordering on the disk. Contiguous allocation of a file is defined by the disk address and length (in block units) of the first block. If the file is n blocks long and starts at location b, then it occupies blocks b, b + 1, b + 2, ..., b + n − 1. The directory entry for each file indicates the address of the starting block and the length of the area allocated for this file
Contiguous Allocation
Allocation Methods - Linked • Linked allocation – each file a linked list of blocks • File ends at nil pointer • No external fragmentation • Each block contains pointer to next block • No compaction, external fragmentation • Free space management system called when new block needed • Improve efficiency by clustering blocks into groups but increases internal fragmentation • Reliability can be a problem • Locating a block can take many I/Os and disk seeks
Linked Allocation
Allocation Methods – Linked (Cont.) • FAT (File Allocation Table) variation • A section of disk at the beginning of each volume has table; table has one entry for each disk block indexed by block number • Much like a linked list, but faster on disk and cacheable • New block allocation simple
File-Allocation Table ⮚ FAT Structure for a file consisting of disk blocks 217,618,339 ⮚ FAT allocation scheme results in significant no of disk head seeks,unless the FAT is cached.
Example of Indexed Allocation
Example of Indexed Allocation All the pointers together into one location: the index block Each file has its own index block, which is an array of disk-block addresses. The ith entry in the index block points to the ith block of the file. The directory
Overview of Unix File System • A hierarchical structure • consistent treatment of file data • the ability to create and delete files • dynamic growth of files • the protection of file data • the treatment of peripheral devices as files • Many different filesystem approaches are supported by Linux — the standard filesystems Ext2 and Ext3, ReiserFS, XFS, VFAT (for reasons of compatibility with DOS), and countless more.
A hierarchical structure
PathName • The filesystem is presented as a single unified hierarchy that starts at the directory / and • continues downward through an arbitrary number of subdirectories. • / is also called the root directory. • Each non-leaf node of the file system structure is a directory of files. • Each leaf node can be either directory, regular files or special device files. • Absolute and relative paths: • The list of directories that must be traversed to locate a particular file plus that file’s filename form a pathname. • Pathnames can be either absolute (/tmp/foo) or relative (book4/filesystem). • Relative pathnames are interpreted starting at the current directory. • Command used to alter the current directory : cd • Command to know the current directory : pwd
• $ cd /usr/src/uts • $ cd ../.. • The current working directory is represented by a dot i.e. . • The parent directory of the current directory is referred by ..
Internal representation of a file ❑ Internal representation of a file is given by an inode, which contains a description of the disk layout of the file data and other information such as the file owner, access permissions, and access times. ❑ Every file has one inode, but it may have several names, all of which map into the inode. ❑ Each name is called a link. ❑ The command gives the information of the inodes assigned . ❑ When a process creates a new file, the kernel assigns it an unused inode. • $ ls –il
More on Inodes • Exists in a static form on disk and the kernel reads them into an in-core inode to manipulate them. • Disk Inodes consists of following fields: ❑ File Owner identifier •Ownership of file is divided between Individual owner and “Group” owner , and defines the set of users who have access rights to file. ❑ File Type •Regular, directory, character or block special , FIFO(pipe) ❑ File Access permissions • To protect by three classes(owner, group, other) : Read, write, execute permissions are provided which can be set individualy.
Continued.. ❑ File Access times • Last modified time, Last access time, Last modification time of Inode ❑ Number of links to the file • Represents no. of names the file has in directory hierarchy. ❑ Table of contents for the disk address of data in a file •Users treat data as logical stream of bytes but kernel saves the data in discontiguous disk blocks. The Inodes identifies the disk blocks that contain file’s data. ❑ File Size • Size of file in bytes
5 Sample Disk Inode
Continued.. ❑ Inodes are stored in the file system, but the kernel reads them into an in-core (in-memory) inode table when manipulating files. ❑ The kernel contains two other data structures, • the file table and • the user file descriptor table. ❑ The file table is a global kernel structure, but the user file descriptor table is allocated per process. ❑ When a process opens or creats a file, the kernel allocates an entry from each table, corresponding to the file's inode. ❑ Entries in the three structures -- user file descriptor table, file table, and inode table -- maintain the state of the file and the user's access to it. ❑ The file table keeps track of the byte offset in the file where the user's next read or write will start, and the access rights allowed to the opening process. ❑ The user file descriptor table identifier all open files for a process.
Continued..
File System Layout A file system has the following structure: • The boot block occupies the beginning of a file system, typically the first sector, and may contain the bootstrap code that is read into the machine to boot , or initialize, the operating system. Although only one boot block is needed to boot the system, every file system has a (possibly empty) boot block.
Continued.. • The super block describes the state of a file system -- how large it is, how many files it can store, where to find free space on the file system, and other information. • The inode list is a list of inodes that follows the super block in the file system. Administrators specify the size of the inode list when configuring a file system. The kernel references inodes by index into the inode list. • One inode is the root inode of the file system: it is the inode by which the directory structure of the file system is accessible after execution of the mount system call. • The data blocks start at the end of the inode list and contain file data and administrative data. An allocated data block can belong to t one and only one file in the file system.
File-types
FILE ATTRIBUTES / ACCESS PERMISSIONS ❑ Every file has a set of nine permission bits that control who can read, write, and execute the contents of the file. ❑ Together with three other bits that primarily affect the operation of executable programs, these bits constitute the file’s “mode.” ❑ The twelve mode bits are stored together with four bits of file-type information in a 16 – bit word ❑ The four file-type bits are set when the file is first created and cannot be changed, but the file’s owner and the superuser can modify the twelve mode bits with the chmod (change mode) command. ❑ Use ls -l (or ls -ld for a directory) to inspect the values of these bits.
The permission bits ❑ Nine permission bits determine what operations may be performed on a file and by whom. ❑ Instead, three sets of permissions define access for the owner of the file, the group owners of the file, and everyone else (in that order) ❑ Each set has three bits: a read bit, a write bit, and an execute bit (also in that order). ❑ The topmost three bits control access for the owner, The second three control access for the group, The last three control access for everyone else (“the world”). ❑ In each triplet, the high bit is the read bit, the middle bit is the write bit, and the low bit is the execute bit.
TRADITIONAL UNIX ACCESS CONTROL ⮚ Rules that shaped the system’s design to implement the access control: • Objects (e.g., files and processes) have owners. Owners have broad (but not necessarily unrestricted) control over their objects. • You own new objects that you create. • The special user account called “root” can act as the owner of any object. • Only root can perform certain sensitive administrative operations
Filesystem access control • In the traditional model, every file has both an owner and a group • The owner can set the permissions of the file. The permissions can be set so restrictively that no one else can access it. • Although the owner of a file is always a single person, many people can be group owners of the file, as long as they are all part of a single group. • The owner of a file gets to specify what the group owners can do with it. This scheme allows files to be shared among members of the same project.
• Both the kernel and the filesystem track owners and groups as numbers rather than as text names. • In the most basic case, user identification numbers (UIDs for short) are mapped to usernames in the /etc/passwd file, and group identification numbers (GIDs) are mapped to group names in /etc/group.
The root account • The root account is UNIX’s omnipotent administrative user. It’s also known as the superuser account, although the actual username is “root”. • Traditional UNIX allows the superuser (that is, any process whose effective UID is 0) to perform any valid operation on any file or process. • Examples of restricted operations are • Changing the root directory of a process with chroot • Creating device files • Setting the system clock • Raising resource usage limits and process priorities • Setting the system’s hostname • Configuring network interfaces • Opening privileged network ports (those numbered below 1,024) • Shutting down the system
Advantages • Traditional access control has its own advantages: • It’s simple, predictable, and capable of handling the majority of access control requirements at the average site. • All UNIX and Linux variants continue to support this model, and it remains the default approach and the one that’s most widely used today.
ShortComings Traditional access control has some obvious shortcomings: • From a security perspective, the root account represents a potential single point of failure. • If it’s compromised, the integrity of the whole system is violated. There is no limit to the damage an attacker can inflict. • The only way to subdivide the special privileges of the root account is by writing setuid programs. • Unfortunately, as the Internet’s steady stream of security updates demonstrates, it’s difficult to write truly secure software.
ShortComings • The security model isn’t strong enough for use on a network. • No computer to which an unprivileged user has physical access can be trusted to accurately represent the ownerships of the processes it’s running • Many high-security environments enforce conventions that simply can’t be implemented with traditional UNIX security. • For example, United States government standards require computer systems to forbid privileged users (e.g., those with Top Secret security clearance) from republishing high-security documents at a lower security level. • Traditional UNIX security depends on the good will and skill of individual users in this regard.
ShortComings • Because many access-control-related rules are embedded in the code of individual commands and daemons, you cannot redefine the system’s behavior without modifying the source code and recompiling. But that’s not practical in the real world. • There is minimal support for auditing. You can easily see which groups a user belongs to, but you can’t necessarily determine what those group memberships permit a user to do.
REAL-WORLD ACCESS CONTROL • In spite of all the glamorous possibilities outlined in the last few sections, most sites still use the traditional root account for system administration. • Since root access is absolutely necessary for system administration and also the pivot point for system security, husbandry of the root account is a crucial skill.
Choosing a root password • The most important characteristic of a good password is length. The root password should be at least eight characters long; seven- character passwords are substantially easier to crack. • On systems that use DES passwords, it doesn’t help to use a password longer than eight characters because only the first eight are significant. One can enable MD5 or Blowfish encryption for passwords. These can be longer and are more secure. • Password security is increased enormously if you include numbers, punctuation marks, and capital letters
Change the root password • At least every three months or so • Every time someone who knows the password leaves your site • Whenever you think security may have been compromised
Logging in to the root account • Since root is just another user, you can log in directly to the root account and work your will upon the system. • However, this turns out to be a bad idea. To begin with, it leaves no record of what operations were performed as root. • Another disadvantage is that the log-in-as-root scenario leaves no record of who was really doing the work. If several people have access to the root account, you won’t be able to tell who used it and when. • For these reasons, most systems allow root logins to be disabled on terminals, through window systems, and across the network— everywhere but on the system console
su: substitute user identity • A marginally better way to access the root account is to use the su command. • If invoked without arguments, su prompts for the root password and then starts up a root shell. • Root privileges remain in effect until you terminate the shell by typing <Control-D> or the exit command. • su doesn’t record the commands executed as root, but it does create a log entry that states who became root and when.
sudo: limited su • sudo keeps a log of the command lines that were executed, the hosts on which they were run, the people who requested them, the directory from which they were run, and the times at which they were invoked. Refers the file /etc/sudoers • The use of sudo has the following advantages: • Accountability is much improved because of command logging. • Operators can do chores without unlimited root privileges. • The real root password can be known to only one or two people. • It’s faster to use sudo than to use su or to log in as root. • Privileges can be revoked without the need to change the root password. • A canonical list of all users with root privileges is maintained. • There is less chance of a root shell being left unattended. • A single file can be used to control access for an entire network.
Role Based Access Control • Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to superuser. • By applying security attributes to processes and to users, RBAC can divide up superuser capabilities among several administrators. • Process rights management is implemented through privileges. • User rights management is implemented through RBAC.
• RBAC uses the security principle of least privilege. • Least privilege means that a user has precisely the amount of privilege that is necessary to perform a job. • Ordinary users have enough privilege to use their applications, check the status of their jobs, print files, create new files, and so on. • Capabilities beyond ordinary user capabilities are grouped into rights profiles. • Users who are expected to do jobs that require some of the capabilities of superuser assume a role that includes the appropriate rights profile.
• RBAC collects superuser capabilities into rights profiles. • These rights profiles are assigned to special user accounts that are called roles. • A user can then assume a role to do a job that requires some of superuser's capabilities. • Example of role ( Solaris ) • Primary Administrator – A powerful role that is equivalent to the root user, or superuser. • System Administrator – A less powerful role for administration that is not related to security. This role can manage file systems, mail, and software installation. However, this role cannot set passwords. • Operator – A junior administrator role for operations such as backups and printer management. • Roles can be set up for special-purpose administrators in areas such as security, networking, or firewall administration.

Recommended

Ch10 file system interface
Ch10 file system interfaceCh10 file system interface
Ch10 file system interfaceWelly Dian Astika
 
operating system File - System Interface
operating system File - System Interfaceoperating system File - System Interface
operating system File - System InterfaceChandrakantDivate1
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
ITFT_File system interface in Operating System
ITFT_File system interface in Operating SystemITFT_File system interface in Operating System
ITFT_File system interface in Operating SystemSneh Prabha
 
Os6
Os6Os6
Os6gopal10scs185
 
File system and Deadlocks
File system and DeadlocksFile system and Deadlocks
File system and DeadlocksRohit Jain
 
Ch11 file system implementation
Ch11 file system implementationCh11 file system implementation
Ch11 file system implementationWelly Dian Astika
 
File Systems
File SystemsFile Systems
File SystemsShipra Swati
 

Recommended

Ch10 file system interface
Ch10 file system interfaceCh10 file system interface
Ch10 file system interfaceWelly Dian Astika
 
operating system File - System Interface
operating system File - System Interfaceoperating system File - System Interface
operating system File - System InterfaceChandrakantDivate1
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
ITFT_File system interface in Operating System
ITFT_File system interface in Operating SystemITFT_File system interface in Operating System
ITFT_File system interface in Operating SystemSneh Prabha
 
Os6
Os6Os6
Os6gopal10scs185
 
File system and Deadlocks
File system and DeadlocksFile system and Deadlocks
File system and DeadlocksRohit Jain
 
Ch11 file system implementation
Ch11 file system implementationCh11 file system implementation
Ch11 file system implementationWelly Dian Astika
 
File Systems
File SystemsFile Systems
File SystemsShipra Swati
 
Systems Programming - File IO
Systems Programming - File IOSystems Programming - File IO
Systems Programming - File IOHelpWithAssignment.com
 
Chapter 3
Chapter 3Chapter 3
Chapter 3Cahaya Penyayang
 
File system
File systemFile system
File systemNavin Royal Achakkagari
 
File system in operating system e learning
File system in operating system e learningFile system in operating system e learning
File system in operating system e learningLavanya Sharma
 
File System.pptx
File System.pptxFile System.pptx
File System.pptxbcanawakadalcollege
 
Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1) Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1) Ahmed El-Arabawy
 
Access Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptxAccess Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptxlaiba29012
 
File System operating system operating system
File System operating system operating systemFile System operating system operating system
File System operating system operating systemEthiopia Satlliet television
 
UNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptxUNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptxNavyaKumar22
 
Unix File System
Unix File SystemUnix File System
Unix File Systemstudent(MCA)
 
Unit 3 file management
Unit 3 file managementUnit 3 file management
Unit 3 file managementKalai Selvi
 
Unit 3 chapter 1-file management
Unit 3 chapter 1-file managementUnit 3 chapter 1-file management
Unit 3 chapter 1-file managementKalai Selvi
 
UNIT III.pptx
UNIT III.pptxUNIT III.pptx
UNIT III.pptxYogapriyaJ1
 
File Management
File ManagementFile Management
File Managementramya marichamy
 
file management_osnotes.ppt
file management_osnotes.pptfile management_osnotes.ppt
file management_osnotes.pptHelalMirzad
 
9781111306366 ppt ch11
9781111306366 ppt ch119781111306366 ppt ch11
9781111306366 ppt ch11Dr. Ahmed Al Zaidy
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsSam Bowne
 
File concept and access method
File concept and access methodFile concept and access method
File concept and access methodrajshreemuthiah
 
10 File System
10 File System10 File System
10 File SystemDr. Loganathan R
 
File system1.pptx
File system1.pptxFile system1.pptx
File system1.pptxSamar954063
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsvanyagupta248
 

More Related Content

Similar to File Management & Access Control

File system in operating system e learning
File system in operating system e learningFile system in operating system e learning
File system in operating system e learningLavanya Sharma
 
Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1) Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1) Ahmed El-Arabawy
 
Access Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptxAccess Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptxlaiba29012
 
UNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptxUNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptxNavyaKumar22
 
Unit 3 file management
Unit 3 file managementUnit 3 file management
Unit 3 file managementKalai Selvi
 
Unit 3 chapter 1-file management
Unit 3 chapter 1-file managementUnit 3 chapter 1-file management
Unit 3 chapter 1-file managementKalai Selvi
 
file management_osnotes.ppt
file management_osnotes.pptfile management_osnotes.ppt
file management_osnotes.pptHelalMirzad
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsSam Bowne
 
File concept and access method
File concept and access methodFile concept and access method
File concept and access methodrajshreemuthiah
 
File system1.pptx
File system1.pptxFile system1.pptx
File system1.pptxSamar954063
 

Similar to File Management & Access Control (20)

Systems Programming - File IO
Systems Programming - File IOSystems Programming - File IO
Systems Programming - File IO
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
File system
File systemFile system
File system
 
File system in operating system e learning
File system in operating system e learningFile system in operating system e learning
File system in operating system e learning
 
File System.pptx
File System.pptxFile System.pptx
File System.pptx
 
Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1) Course 102: Lecture 26: FileSystems in Linux (Part 1)
Course 102: Lecture 26: FileSystems in Linux (Part 1)
 
Access Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptxAccess Methods and File System Mounting.pptx
Access Methods and File System Mounting.pptx
 
File System operating system operating system
File System operating system operating systemFile System operating system operating system
File System operating system operating system
 
UNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptxUNIT7-FileMgmt.pptx
UNIT7-FileMgmt.pptx
 
Unix File System
Unix File SystemUnix File System
Unix File System
 
Unit 3 file management
Unit 3 file managementUnit 3 file management
Unit 3 file management
 
Unit 3 chapter 1-file management
Unit 3 chapter 1-file managementUnit 3 chapter 1-file management
Unit 3 chapter 1-file management
 
UNIT III.pptx
UNIT III.pptxUNIT III.pptx
UNIT III.pptx
 
File Management
File ManagementFile Management
File Management
 
file management_osnotes.ppt
file management_osnotes.pptfile management_osnotes.ppt
file management_osnotes.ppt
 
9781111306366 ppt ch11
9781111306366 ppt ch119781111306366 ppt ch11
9781111306366 ppt ch11
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X Systems
 
File concept and access method
File concept and access methodFile concept and access method
File concept and access method
 
10 File System
10 File System10 File System
10 File System
 
File system1.pptx
File system1.pptxFile system1.pptx
File system1.pptx
 

Recently uploaded

HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsvanyagupta248
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...HenryBriggs2
 
UNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptxUNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptxkalpana413121
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxNANDHAKUMARA10
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...drmkjayanthikannan
 
Introduction to Robotics in Mechanical Engineering.pptx
Introduction to Robotics in Mechanical Engineering.pptxIntroduction to Robotics in Mechanical Engineering.pptx
Introduction to Robotics in Mechanical Engineering.pptxhublikarsn
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdfKamal Acharya
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARKOUSTAV SARKAR
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
Digital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptxDigital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptxpritamlangde
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 
Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)ChandrakantDivate1
 
Computer Graphics Introduction To Curves
Computer Graphics Introduction To CurvesComputer Graphics Introduction To Curves
Computer Graphics Introduction To CurvesChandrakantDivate1
 
Query optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsQuery optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsmeharikiros2
 
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...manju garg
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfsumitt6_25730773
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxMustafa Ahmed
 
Path loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelPath loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelDrAjayKumarYadav4
 

Recently uploaded (20)

HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
 
UNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptxUNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptx
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptx
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Introduction to Robotics in Mechanical Engineering.pptx
Introduction to Robotics in Mechanical Engineering.pptxIntroduction to Robotics in Mechanical Engineering.pptx
Introduction to Robotics in Mechanical Engineering.pptx
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdf
 
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKARHAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Digital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptxDigital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptx
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)
 
Computer Graphics Introduction To Curves
Computer Graphics Introduction To CurvesComputer Graphics Introduction To Curves
Computer Graphics Introduction To Curves
 
Query optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsQuery optimization and processing for advanced database systems
Query optimization and processing for advanced database systems
 
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...
👉 Yavatmal Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top Class Call Girl S...
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdf
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
Path loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelPath loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata Model
 

File Management & Access Control

  • 1. File Management & Access Control Unit-6
  • 2. File Concept • Contiguous logical address space • Types: • Data • numeric • character • binary • Program • Contents defined by file’s creator • Many types • Consider text file, source file, executable file
  • 3. File Attributes • Name – only information kept in human-readable form • Identifier – unique tag (number) identifies file within file system • Type – needed for systems that support different types • Location – pointer to file location on device • Size – current file size • Protection – controls who can do reading, writing, executing • Time, date, and user identification – data for protection, security, and usage monitoring • Information about files are kept in the directory structure, which is maintained on the disk • Many variations, including extended file attributes such as file checksum • Information kept in the directory structure
  • 4. File info Window on Mac OS X
  • 5. File Operations • File is an abstract data type • Create • Write – at write pointer location • Read – at read pointer location • Reposition within file – seek(directory searched for the appropriate entry & the current file position pointer is repositioned to a given value.This does not require any I/0.) • Delete • Truncate(user erase the contents but keep its attributes) • Open(Fi) – search the directory structure on disk for entry Fi, and move the content of entry to memory • Close (Fi) – move the content of entry Fi in memory to directory structure on disk
  • 6. Open Files • Several pieces of data are needed to manage open files: • Open-file table: tracks open files • File pointer: pointer to last read/write location, per process that has the file open • File-open count: counter of number of times a file is open – to allow removal of data from open-file table when last processes closes it • Disk location of the file: cache of data access information • Access rights: per-process access mode information
  • 7. Open File Locking • Provided by some operating systems and file systems • Similar to reader-writer locks • Shared lock similar to reader lock – several processes can acquire concurrently • Exclusive lock similar to writer lock-only one process at a time can acquire such a lock. • Mediates access to a file
  • 8. File Locking • Locks can also be Mandatory or advisory • Mandatory – If a lock is mandatory, then once a process acquires an exclusive lock, the operating system will prevent any other process from accessing the locked file. Eg . assume a process acquires an exclusive lock on the file system.log. If we attempt to open system.log from another process-for example, a text editor—the operating system will prevent access until the exclusive lock is released. This occurs even if the text editor is not written explicitly to acquire the lock. (OS ensures locking integrity) • Advisory – if the lock is advisory, then the operating system will not prevent the text editor from acquiring access to system.log. Rather, the text editor must be written so that it manually acquires the lock before accessing the file. Processes can find status of locks and decide what to do(developers ensure locks are appropriately acquired & released)
  • 9. File Types – Name, Extension
  • 10. Directory Structure • A collection of nodes containing information about all files F 1 F 2 F 3 F 4 F n Directory Files Both the directory structure and the files reside on disk
  • 11. Disk Structure • Disk can be subdivided into partitions • Disks or partitions can be RAID protected against failure • Disk or partition can be used raw – without a file system, or formatted with a file system • Partitions also known as minidisks, slices • Entity containing file system known as a volume • Each volume containing file system also tracks that file system’s info in device directory or volume table of contents • As well as general-purpose file systems there are many special-purpose file systems, frequently all within the same operating system or computer
  • 12. A Typical File-system Organization
  • 13. Operations Performed on Directory • Search for a file • Create a file • Delete a file • List a directory • Rename a file • Traverse the file system
  • 14. Directory Organization • Efficiency – locating a file quickly • Naming – convenient to users • Two users can have same name for different files • The same file can have several different names • Grouping – logical grouping of files by properties, (e.g., all Java programs, all games, …) The directory is organized logically to obtain
  • 15. File System Mounting Just as a file must be opened before it is used, a file system must be mounted before it can be available to processes on the system. The operating system is given the name of the device and the mount point—the location within the file structure where the file system is to be attached. Typically, a mount point is an empty directory. For instance, on a UNIX system, a file system containing a user’s home directories might be mounted as /home then, to access the directory structure within that file system, we could precede the directory names with /home, as in /home/jane.
  • 17. File System File systems provide efficient and convenient access to the disk by allowing data to be stored, located, and retrieved easily.
  • 19. File System Layers • I/O Control - manage I/O devices at the I/O control layer • Its input consists of high level commands such as retrieve block 123 • Its output will be low-level hardware specific commands to hardware controller, which interfaces the I/O device to the rest of the system • Basic file system needs only to issue generic commands to the appropriate device driver to read & write physical blocks on the disk. • Given commands like “read drive1, cylinder 72, track 2, sector 10, into memory location 1060” • Also manages memory buffers and caches (allocation, freeing, replacement) • Buffers hold data in transit • Caches hold frequently used data • File organization module understands files, logical address, and physical blocks ● Translates logical block # to physical block # ● Manages free space, disk allocation
  • 20. File System Layers (Cont.) • Logical file system manages metadata information • Translates file name into file number, file handle, location by maintaining file control blocks (inodes in UNIX) • Directory management • Protection • Layering useful for reducing complexity and redundancy, but adds overhead and can decrease performance. Translates file name into file number, file handle, location by maintaining file control blocks (inodes in UNIX) • Logical layers can be implemented by any coding method according to OS designer
  • 21. File-System Implementation Two types of structures used-On-disk and in-memory structures 1)On-disk Structures • Boot control block contains info needed by system to boot OS from that volume • Needed if volume contains OS, usually first block of volume • Volume control block (superblock, master file table) contains volume details • Total # of blocks, # of free blocks, block size, free block pointers or array • Directory structure organizes the files • Names and inode numbers, master file table
  • 22. File-System Implementation (Cont.) • Per-file File Control Block (FCB) contains many details about the file • inode number, permissions, size, dates • It has a unique identifier number to allow association with a directory entry • NTFS stores into in master file table using relational DB structures
  • 23. Other Structures used for file system implementation In-memory structures used: An in-memory mount table contains information about each mounted volume. In-memory directory structure holds the directory information of recently accessed directories The system-wide open-file table contains a copy of the FCB of each open file, as well as other information. The per-process open-file table contains a pointer to the appropriate entry in the system-wide open-file table, as well as other information. Buffers hold file-system blocks when they are being read from disk or written to disk.
  • 24. Creating New File To create a new file, an application program calls the logical file system. The logical file system knows the format of the directory structures. To create a new file, it allocates a new FCB. The system then reads the appropriate directory into memory, updates it with the new file name and FCB, and writes it back to the disk. File Control Block (FCB) contains many details about the file inode number, permissions, size, dates
  • 25. Reading File The open() call passes a file name to the logical file system. The open() system call first searches the system-wide open-file table to see if the file is already in use by another process. If it is, a per-process open-file table entry is created pointing to the existing system-wide open-file table. If the file is not already open, the directory structure is searched for the given file name. Parts of the directory structure are usually cached in memory to speed directory operations. Once the file is found, the FCB is copied into a system-wide open-file table in memory. This table not only stores the FCB but also tracks the number of processes that have the file open.
  • 27. Types of Access Methods for Files • Sequential • Direct • And other access methods
  • 28.
  • 29. Sequential Access ⮚ Most common operations on Files -Read -Write ⮚ File Pointer Whenever a file is opened for READ/WRITE operation on a file , a file pointer is maintained to keep track of the current position in the file
  • 30. Operations • Sequential Access read next(reads the next portion of file & automatically advances file pointer,which tracks the I/O location. write next (appends to the end of the file & advances to the end of the newly written material reset-reset to the begining
  • 31.
  • 32.
  • 33. Direct Access Direct Access – file is fixed length logical records read n write n Alternative approach- position to n read next write next rewrite n n = relative block number • Relative block numbers allow OS to decide where file should be placed.
  • 34. Other Access Methods • Can be built on top of base methods • Generally involve creation of an index for the file • The index, similar to the index of the book ,contains pointers to the various blocks • Keep index in memory for fast determination of location of data to be operated on • If too large, index (in memory) of the index (on disk) • IBM indexed sequential-access method (ISAM) • Small master index, points to disk blocks of secondary index • File kept sorted on a defined key • All done by the OS
  • 35. Example of Index and Relative Files
  • 36. Partitions and Mounting • Partition can be a volume containing a file system (“cooked”) or raw – just a sequence of blocks with no file system • Boot information can be stored in a separate partition • Boot information is generally a series of blocks loaded as an image to memory • Boot block can point to boot volume or boot loader set of blocks that contain enough code to know how to load the kernel • Or a boot management program for multi-os booting • Root partition contains the OS, other partitions can hold other Oses, other file systems, or be raw • Mounted at boot time • Other partitions can mount automatically or manually • At mount time, file system consistency checked • Is all metadata correct? • If not, fix it, try again • If yes, add to mount table, allow access
  • 37. Directory Implementation • Linear list of file names with pointer to the data blocks • Simple to program • Time-consuming to execute • Linear search time • Could keep ordered alphabetically via linked list or use B+ tree • Hash Table – linear list with hash data structure • Decreases directory search time • Collisions – situations where two file names hash to the same location • Only good if entries are fixed size, or use chained- overflow method
  • 38. Directory Implementation Linear List: Linear list of file names with pointer to the data blocks To create a new file, we must first search the directory to be sure that no existing file has the same name. Then, we add a new entry at the end of the directory. To delete a file,we search the directory for the named file and then release the space allocated to it. To reuse the directory entry, we can do one of several things. We can mark the entry as unused (by assigning it a special name, such as an all-blank name, or by including a used– unused bit in each entry), or we can attach it to a list of free directory entries. A third alternative is to copy the last entry in the directory into the freed location and to decrease the length of the directory. A linked list can also be used to decrease the time required to delete a file. Advantage & disadvantage Simple to program Time-consuming to execute Linear search time Could keep ordered alphabetically via linked list or use B+ tree
  • 39. Allocation Methods - Contiguous • An allocation method refers to how disk blocks are allocated for files: • Contiguous allocation – each file occupies set of contiguous blocks • Best performance in most cases • Simple – only starting location (block #) and length (number of blocks) are required • Problems include finding space for file, knowing file size, external fragmentation, need for compaction off-line (downtime) or on-line
  • 40. Hash Table A linear list stores the directory entries, but a hash data structure is also used. The hash table takes a value computed from the file name and returns a pointer to the filename in the linear list. Therefore, it can greatly decrease the directory search time. Decreases directory search time Collisions – situations where two file names hash to the same location Only good if entries are fixed size, or use chained-overflow method
  • 41. Allocation Methods How to allocate space to these files so that disk space is utilized effectively and files can be accessed quickly. Three major methods of allocating disk space are in wide use: contiguous, linked, and indexed. Continious Allocation Contiguous allocation requires that each file occupy a set of contiguous blocks on the disk. Disk addresses define a linear ordering on the disk. Contiguous allocation of a file is defined by the disk address and length (in block units) of the first block. If the file is n blocks long and starts at location b, then it occupies blocks b, b + 1, b + 2, ..., b + n − 1. The directory entry for each file indicates the address of the starting block and the length of the area allocated for this file
  • 43. Allocation Methods - Linked • Linked allocation – each file a linked list of blocks • File ends at nil pointer • No external fragmentation • Each block contains pointer to next block • No compaction, external fragmentation • Free space management system called when new block needed • Improve efficiency by clustering blocks into groups but increases internal fragmentation • Reliability can be a problem • Locating a block can take many I/Os and disk seeks
  • 45. Allocation Methods – Linked (Cont.) • FAT (File Allocation Table) variation • A section of disk at the beginning of each volume has table; table has one entry for each disk block indexed by block number • Much like a linked list, but faster on disk and cacheable • New block allocation simple
  • 46. File-Allocation Table ⮚ FAT Structure for a file consisting of disk blocks 217,618,339 ⮚ FAT allocation scheme results in significant no of disk head seeks,unless the FAT is cached.
  • 47. Example of Indexed Allocation
  • 48. Example of Indexed Allocation All the pointers together into one location: the index block Each file has its own index block, which is an array of disk-block addresses. The ith entry in the index block points to the ith block of the file. The directory
  • 49. Overview of Unix File System • A hierarchical structure • consistent treatment of file data • the ability to create and delete files • dynamic growth of files • the protection of file data • the treatment of peripheral devices as files • Many different filesystem approaches are supported by Linux — the standard filesystems Ext2 and Ext3, ReiserFS, XFS, VFAT (for reasons of compatibility with DOS), and countless more.
  • 51. PathName • The filesystem is presented as a single unified hierarchy that starts at the directory / and • continues downward through an arbitrary number of subdirectories. • / is also called the root directory. • Each non-leaf node of the file system structure is a directory of files. • Each leaf node can be either directory, regular files or special device files. • Absolute and relative paths: • The list of directories that must be traversed to locate a particular file plus that file’s filename form a pathname. • Pathnames can be either absolute (/tmp/foo) or relative (book4/filesystem). • Relative pathnames are interpreted starting at the current directory. • Command used to alter the current directory : cd • Command to know the current directory : pwd
  • 52. • $ cd /usr/src/uts • $ cd ../.. • The current working directory is represented by a dot i.e. . • The parent directory of the current directory is referred by ..
  • 53. Internal representation of a file ❑ Internal representation of a file is given by an inode, which contains a description of the disk layout of the file data and other information such as the file owner, access permissions, and access times. ❑ Every file has one inode, but it may have several names, all of which map into the inode. ❑ Each name is called a link. ❑ The command gives the information of the inodes assigned . ❑ When a process creates a new file, the kernel assigns it an unused inode. • $ ls –il
  • 54. More on Inodes • Exists in a static form on disk and the kernel reads them into an in-core inode to manipulate them. • Disk Inodes consists of following fields: ❑ File Owner identifier •Ownership of file is divided between Individual owner and “Group” owner , and defines the set of users who have access rights to file. ❑ File Type •Regular, directory, character or block special , FIFO(pipe) ❑ File Access permissions • To protect by three classes(owner, group, other) : Read, write, execute permissions are provided which can be set individualy.
  • 55. Continued.. ❑ File Access times • Last modified time, Last access time, Last modification time of Inode ❑ Number of links to the file • Represents no. of names the file has in directory hierarchy. ❑ Table of contents for the disk address of data in a file •Users treat data as logical stream of bytes but kernel saves the data in discontiguous disk blocks. The Inodes identifies the disk blocks that contain file’s data. ❑ File Size • Size of file in bytes
  • 57. Continued.. ❑ Inodes are stored in the file system, but the kernel reads them into an in-core (in-memory) inode table when manipulating files. ❑ The kernel contains two other data structures, • the file table and • the user file descriptor table. ❑ The file table is a global kernel structure, but the user file descriptor table is allocated per process. ❑ When a process opens or creats a file, the kernel allocates an entry from each table, corresponding to the file's inode. ❑ Entries in the three structures -- user file descriptor table, file table, and inode table -- maintain the state of the file and the user's access to it. ❑ The file table keeps track of the byte offset in the file where the user's next read or write will start, and the access rights allowed to the opening process. ❑ The user file descriptor table identifier all open files for a process.
  • 59.
  • 60. File System Layout A file system has the following structure: • The boot block occupies the beginning of a file system, typically the first sector, and may contain the bootstrap code that is read into the machine to boot , or initialize, the operating system. Although only one boot block is needed to boot the system, every file system has a (possibly empty) boot block.
  • 61. Continued.. • The super block describes the state of a file system -- how large it is, how many files it can store, where to find free space on the file system, and other information. • The inode list is a list of inodes that follows the super block in the file system. Administrators specify the size of the inode list when configuring a file system. The kernel references inodes by index into the inode list. • One inode is the root inode of the file system: it is the inode by which the directory structure of the file system is accessible after execution of the mount system call. • The data blocks start at the end of the inode list and contain file data and administrative data. An allocated data block can belong to t one and only one file in the file system.
  • 63. FILE ATTRIBUTES / ACCESS PERMISSIONS ❑ Every file has a set of nine permission bits that control who can read, write, and execute the contents of the file. ❑ Together with three other bits that primarily affect the operation of executable programs, these bits constitute the file’s “mode.” ❑ The twelve mode bits are stored together with four bits of file-type information in a 16 – bit word ❑ The four file-type bits are set when the file is first created and cannot be changed, but the file’s owner and the superuser can modify the twelve mode bits with the chmod (change mode) command. ❑ Use ls -l (or ls -ld for a directory) to inspect the values of these bits.
  • 64. The permission bits ❑ Nine permission bits determine what operations may be performed on a file and by whom. ❑ Instead, three sets of permissions define access for the owner of the file, the group owners of the file, and everyone else (in that order) ❑ Each set has three bits: a read bit, a write bit, and an execute bit (also in that order). ❑ The topmost three bits control access for the owner, The second three control access for the group, The last three control access for everyone else (“the world”). ❑ In each triplet, the high bit is the read bit, the middle bit is the write bit, and the low bit is the execute bit.
  • 65. TRADITIONAL UNIX ACCESS CONTROL ⮚ Rules that shaped the system’s design to implement the access control: • Objects (e.g., files and processes) have owners. Owners have broad (but not necessarily unrestricted) control over their objects. • You own new objects that you create. • The special user account called “root” can act as the owner of any object. • Only root can perform certain sensitive administrative operations
  • 66. Filesystem access control • In the traditional model, every file has both an owner and a group • The owner can set the permissions of the file. The permissions can be set so restrictively that no one else can access it. • Although the owner of a file is always a single person, many people can be group owners of the file, as long as they are all part of a single group. • The owner of a file gets to specify what the group owners can do with it. This scheme allows files to be shared among members of the same project.
  • 67. • Both the kernel and the filesystem track owners and groups as numbers rather than as text names. • In the most basic case, user identification numbers (UIDs for short) are mapped to usernames in the /etc/passwd file, and group identification numbers (GIDs) are mapped to group names in /etc/group.
  • 68. The root account • The root account is UNIX’s omnipotent administrative user. It’s also known as the superuser account, although the actual username is “root”. • Traditional UNIX allows the superuser (that is, any process whose effective UID is 0) to perform any valid operation on any file or process. • Examples of restricted operations are • Changing the root directory of a process with chroot • Creating device files • Setting the system clock • Raising resource usage limits and process priorities • Setting the system’s hostname • Configuring network interfaces • Opening privileged network ports (those numbered below 1,024) • Shutting down the system
  • 69. Advantages • Traditional access control has its own advantages: • It’s simple, predictable, and capable of handling the majority of access control requirements at the average site. • All UNIX and Linux variants continue to support this model, and it remains the default approach and the one that’s most widely used today.
  • 70. ShortComings Traditional access control has some obvious shortcomings: • From a security perspective, the root account represents a potential single point of failure. • If it’s compromised, the integrity of the whole system is violated. There is no limit to the damage an attacker can inflict. • The only way to subdivide the special privileges of the root account is by writing setuid programs. • Unfortunately, as the Internet’s steady stream of security updates demonstrates, it’s difficult to write truly secure software.
  • 71. ShortComings • The security model isn’t strong enough for use on a network. • No computer to which an unprivileged user has physical access can be trusted to accurately represent the ownerships of the processes it’s running • Many high-security environments enforce conventions that simply can’t be implemented with traditional UNIX security. • For example, United States government standards require computer systems to forbid privileged users (e.g., those with Top Secret security clearance) from republishing high-security documents at a lower security level. • Traditional UNIX security depends on the good will and skill of individual users in this regard.
  • 72. ShortComings • Because many access-control-related rules are embedded in the code of individual commands and daemons, you cannot redefine the system’s behavior without modifying the source code and recompiling. But that’s not practical in the real world. • There is minimal support for auditing. You can easily see which groups a user belongs to, but you can’t necessarily determine what those group memberships permit a user to do.
  • 73. REAL-WORLD ACCESS CONTROL • In spite of all the glamorous possibilities outlined in the last few sections, most sites still use the traditional root account for system administration. • Since root access is absolutely necessary for system administration and also the pivot point for system security, husbandry of the root account is a crucial skill.
  • 74. Choosing a root password • The most important characteristic of a good password is length. The root password should be at least eight characters long; seven- character passwords are substantially easier to crack. • On systems that use DES passwords, it doesn’t help to use a password longer than eight characters because only the first eight are significant. One can enable MD5 or Blowfish encryption for passwords. These can be longer and are more secure. • Password security is increased enormously if you include numbers, punctuation marks, and capital letters
  • 75. Change the root password • At least every three months or so • Every time someone who knows the password leaves your site • Whenever you think security may have been compromised
  • 76. Logging in to the root account • Since root is just another user, you can log in directly to the root account and work your will upon the system. • However, this turns out to be a bad idea. To begin with, it leaves no record of what operations were performed as root. • Another disadvantage is that the log-in-as-root scenario leaves no record of who was really doing the work. If several people have access to the root account, you won’t be able to tell who used it and when. • For these reasons, most systems allow root logins to be disabled on terminals, through window systems, and across the network— everywhere but on the system console
  • 77. su: substitute user identity • A marginally better way to access the root account is to use the su command. • If invoked without arguments, su prompts for the root password and then starts up a root shell. • Root privileges remain in effect until you terminate the shell by typing <Control-D> or the exit command. • su doesn’t record the commands executed as root, but it does create a log entry that states who became root and when.
  • 78. sudo: limited su • sudo keeps a log of the command lines that were executed, the hosts on which they were run, the people who requested them, the directory from which they were run, and the times at which they were invoked. Refers the file /etc/sudoers • The use of sudo has the following advantages: • Accountability is much improved because of command logging. • Operators can do chores without unlimited root privileges. • The real root password can be known to only one or two people. • It’s faster to use sudo than to use su or to log in as root. • Privileges can be revoked without the need to change the root password. • A canonical list of all users with root privileges is maintained. • There is less chance of a root shell being left unattended. • A single file can be used to control access for an entire network.
  • 79. Role Based Access Control • Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to superuser. • By applying security attributes to processes and to users, RBAC can divide up superuser capabilities among several administrators. • Process rights management is implemented through privileges. • User rights management is implemented through RBAC.
  • 80. • RBAC uses the security principle of least privilege. • Least privilege means that a user has precisely the amount of privilege that is necessary to perform a job. • Ordinary users have enough privilege to use their applications, check the status of their jobs, print files, create new files, and so on. • Capabilities beyond ordinary user capabilities are grouped into rights profiles. • Users who are expected to do jobs that require some of the capabilities of superuser assume a role that includes the appropriate rights profile.
  • 81. • RBAC collects superuser capabilities into rights profiles. • These rights profiles are assigned to special user accounts that are called roles. • A user can then assume a role to do a job that requires some of superuser's capabilities. • Example of role ( Solaris ) • Primary Administrator – A powerful role that is equivalent to the root user, or superuser. • System Administrator – A less powerful role for administration that is not related to security. This role can manage file systems, mail, and software installation. However, this role cannot set passwords. • Operator – A junior administrator role for operations such as backups and printer management. • Roles can be set up for special-purpose administrators in areas such as security, networking, or firewall administration.