File Protection-Operating Systems-Lecture Notes, Study notes of Operating Systems

Operating Systems is a necessary course in Computer Science. It is about threading, process scheduling, deadlocks, memory management, etc. This lecture includes: File, Protection, Access, Operations, Execute, Load, Index, Link, Contiguous, Delete

Typology: Study notes

2011/2012

Uploaded on 08/06/2012

sarang
Operating Systems
Lecture No. 44
Reading Material
• Chapters 11 and 12 of the textbook
• Lecture 44 on Virtual TV
Summary
• File Protection
• In-Memory Data Structures
• Space Allocation Techniques
• Contiguous, Linked, Index
Protection
The need to protect files is a direct result of the ability to access files. Systems that do not
permit access to the files of other users do not need protection. Thus we could provide
complete protection by prohibiting access. Alternatively we could provide free access
with no protection. Both approaches are too extreme for general use. What is needed is
controlled access. File owner/creator should be able to control:
• What can be done
• By whom
Several types of operations may be controlled:
• Read: read from the file
• Write: write or rewrite to the file
• Execute: Load the file into memory and execute it
• Append: Write new information at the end of the file
• Delete: Delete the file and free its space for possible reuse
• List: List the name and attributes of the file
UNIX Protection
UNIX recognizes three modes of access: read, write, and execute (r, w, x). The execute
permission on a directory specifies permission to search the directory.
The three classes of users are:
• Owner: user is the owner of the file
• Group: someone who belongs to the same group as the owner
• Others: everyone else who has an account on the system
A user’s access to a file can be specified by an octal digit. The first bit of the octal digit
specifies the read permission, the second bit specifies the write permission, and the third
bit specifies the execute permission. A bit value 1 indicates permission for access and 0
indicates no permission. Here is an example:

                      r w x
a) Owner access:   7  1 1 1
b) Group access:   6  1 1 0
c) Public access:  1  0 0 1

Each user in a UNIX system belongs to a group of users as assigned by the system administrator when a user is allocated an account on the system. A user can belong to multiple groups, but a typical UNIX user belongs to a single group. For a particular file or subdirectory, we need to set appropriate access permissions for proper protection.

Default Permissions

The default permissions on a UNIX/Linux system are 777 for executable files and directories and 666 for text files. You can use the umask command to set permission bits on newly created files and directories to 1, except for those bits that are set to 1 in the ‘mask’. You can use the chmod command to set permissions on existing files and directories. We give some examples of the chmod and umask commands below.

chmod 761 game
    owner:  Read, Write, Execute
    group:  Read, Write
    others: Execute
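The creation-time mask and a later chmod, as an added example in C that is not part of the original notes: it uses the umask(2), open(2) and chmod(2) system calls behind the commands described above and reads the resulting bits back with stat(2). The scratch directory under /tmp and the function names are assumptions made for the example.

```c
/* Added example (not from the lecture notes): umask and chmod mode bits. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Render the nine permission bits as rwx triplets: owner, group, others. */
void mode_string(mode_t mode, char out[10]) {
    const char *flags = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (mode & (0400 >> i)) ? flags[i] : '-';
    out[9] = '\0';
}

/* Create "game" in a scratch directory (constructed path) requesting
 * `requested` bits under umask `mask`; if new_mode >= 0, chmod it afterwards.
 * Returns the permission bits stored in the inode, or -1 on error. */
int resulting_mode(mode_t mask, mode_t requested, int new_mode) {
    char dir[] = "/tmp/permdemo.XXXXXX", path[64];
    struct stat st;
    int result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/game", dir);
    mode_t old = umask(mask);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);                       /* restore the caller's mask */
    if (fd >= 0) {
        close(fd);
        if ((new_mode < 0 || chmod(path, (mode_t)new_mode) == 0) &&
            stat(path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void) {
    char s[10];
    int created = resulting_mode(027, 0666, -1);    /* creation only */
    int changed = resulting_mode(027, 0666, 0761);  /* creation, then chmod */
    if (created < 0 || changed < 0) return 1;
    mode_string((mode_t)created, s);
    printf("umask 027, requested 666: %03o %s\n", (unsigned)created, s);
    mode_string((mode_t)changed, s);
    printf("after chmod 761 game:     %03o %s\n", (unsigned)changed, s);
    return 0;
}
```

The mask only removes bits at creation time; chmod with a numeric mode sets the bits exactly as given, regardless of the mask.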

File Control Block

A file control block is a memory data structure that contains most of the attributes of a file. In UNIX, this data structure is called an inode (for index node). Here are possible values in this data structure.

[Figure: UNIX inode]

In-Memory Data Structures

The following upper-level data structures are needed for file system support.
• An in-memory partition table containing information about each mounted partition
• An in-memory directory structure that holds the directory information of recently accessed directories
• The system-wide open file table, which contains a pointer to the FCB (UNIX inode) of each open file as well as the read/write pointer
• The FCB for each open file
• The per-process file descriptor table, which contains a pointer to the appropriate entry in the system-wide open file table as well as other information
Here are the connections between various in-memory data structures. UNIX specific mappings follow this diagram.

[Figure: Connections between various in-memory data structures]

From File Descriptor to File Contents—The UNIX/Linux In-Memory Data Structures

The open call passes a file name to the file system. When a file is opened, the directory structure is searched for the given file name and file’s inode. An entry is made in the per process open-file table (aka the file descriptor table), with a pointer to the entry in the system wide open file table. The system wide open file table contains the pointer to the current location in the file and a pointer to file’s inode. The open call returns an index for the appropriate entry in the per-process file system table. All file operations are performed via this index, which is called the file descriptor in UNIX/Linux jargon.
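The chain from descriptor to open file table entry to inode can be observed from user space. The following is an added example in C, not part of the original notes: a descriptor duplicated with dup(2) shares the file table entry (and so the current offset) with the original, while a second open(2) of the same file gets its own entry, and all three resolve to one inode. The scratch file name and the struct and function names are assumptions.

```c
/* Added example (not from the lecture notes): descriptors, file table, inode. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_view {
    int same_inode;        /* all three descriptors resolve to one inode */
    off_t dup_offset;      /* offset seen through the dup()ed descriptor */
    off_t reopen_offset;   /* offset seen through a second open() */
};

/* Open one file twice and dup() the first descriptor, read 5 bytes through
 * the first descriptor, then report what the other two descriptors see.
 * Returns 0 on success, -1 on error. */
int inspect_descriptors(struct fd_view *v) {
    char path[] = "/tmp/fdtable.XXXXXX";    /* constructed scratch file */
    int fd1 = mkstemp(path);
    if (fd1 < 0) return -1;
    int rc = -1, fd2 = -1, fd3 = -1;
    char buf[5];
    struct stat s1, s2, s3;
    if (write(fd1, "0123456789", 10) != 10) goto out;
    if (lseek(fd1, 0, SEEK_SET) < 0) goto out;
    fd2 = dup(fd1);                 /* new descriptor, same file table entry */
    fd3 = open(path, O_RDONLY);     /* new descriptor, new file table entry */
    if (fd2 < 0 || fd3 < 0) goto out;
    if (read(fd1, buf, sizeof buf) != (ssize_t)sizeof buf) goto out;
    if (fstat(fd1, &s1) || fstat(fd2, &s2) || fstat(fd3, &s3)) goto out;
    v->same_inode = s1.st_ino == s2.st_ino && s2.st_ino == s3.st_ino;
    v->dup_offset = lseek(fd2, 0, SEEK_CUR);
    v->reopen_offset = lseek(fd3, 0, SEEK_CUR);
    rc = 0;
out:
    if (fd3 >= 0) close(fd3);
    if (fd2 >= 0) close(fd2);
    close(fd1);
    unlink(path);
    return rc;
}

int main(void) {
    struct fd_view v;
    if (inspect_descriptors(&v) != 0) return 1;
    printf("same inode: %d, dup offset: %ld, reopen offset: %ld\n",
           v.same_inode, (long)v.dup_offset, (long)v.reopen_offset);
    return 0;
}
```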

Space Allocation Methods

We now turn to some file system implementation issues, in particular space allocation techniques and free space management methods. Here are the three commonly used methods for file space allocation.
• Contiguous allocation
• Linked allocation
• Indexed allocation

Contiguous Allocation

The contiguous allocation method requires each file to occupy a set of contiguous blocks on the disk. The directory entry for each file contains the starting block number and the file size (in blocks). Disk addresses define a linear ordering on the disk. With this ordering, assuming only one job is accessing the disk, accessing block b+1 after block b normally requires no head movement. When head movement is needed, it is only one track. Both sequential and direct access can be supported by contiguous allocation. For direct access to block i of a file that starts at block b, we can immediately access block b+i.

[Figure: From file descriptor to file contents. Labels: Per Process File Descriptor Table (entries up to OPEN_MAX — 1), File Descriptor, File Table, Inode Table, File’s contents]

Linked allocation

Index Allocation

Indexed allocation brings all the pointers to the block together into a disk block, known as the index block. Here is the logical view of the relationship between an index block and a file’s data blocks.

[Figure: Logical view of index allocation]

Each file has its own index block, which is an array of disk block addresses. The ith entry in the index block points to the ith block of the file. The directory contains the address of the index block. To read the ith block, we use the pointer in the ith index-block entry to find and read the desired block. Here is an example of index allocation.

[Figure: Index allocation, showing the index table and the data blocks]