Chapter 11: File-System Interface(文件系统接口) 11.1 File Concept 文件概念 11.2 Access Methods 存取方法 11.3 Directory Structure 目录结构 11.4 File System Mounting 文件系统安装 11.5 File Sharing 文件共享 11.6 Protection 保护 Operating System Concepts
11.1 File Concept (文件概念) 信息是计算机系统中的重要资源。操作系统中的一个重要组成部分,文件系统,就负责信息的组织、存储和访问。 文件是具有符号名的数据项的集合。文件名是文件的标识符号。文件包括两部分: 文件体:文件本身的信息; 文件说明:文件存储和管理信息;如:文件名、文件内部标识、文件存储地址、访问权限、访问时间等; Operating System Concepts
11.1 File Concept (文件概念) 计算机对系统中软件资源:无论是程序或数据、系统软件或应用软件都以文件方式来管理。 文件是存贮在某种介质上的(如磁盘、磁带等)并具有文件名的一组有序信息的集合。 文件的类型: 按用途分类按文件中的 数据形式分类 按存取控制 属性 分类按文件的逻辑结构分类 按文件的物 理结构分类 系统文件 源文件 只执行文件 有结构文件 顺序文件 用户文件 目标文件 只读文件 无结构文件 链接文件 库文件 可执行文件 读写文件 索引文件 Operating System Concepts
11.1 File Concept (文件概念) 文件系统是操作系统中管理文件的机构,提供文件存储和访问功能。 文件系统的功能就是提供高效、快速和方便的信息存储和访问功能。 目录是由文件说明索引组成的用于文件检索的特殊文件。 Operating System Concepts
UNIX 文件 UNIX 将文件分成四类:普通文件、目录文件、设备文件(特殊文件)和符号连接文件(Symbolic link)。 UNIX把所有I/O设备作为特殊文件,对I/O设备操作模仿为对普通文件的存取,这样将文件与设备的I/O尽可能统一起来。 UNIX用ls长列表显示时第一个字符表示文件类型:“-”表示普通文件,“d”表示目录文件,“l”表示符号连接文件,c、b、p分别表示字符设备、块设备和FIFO管道的特殊文件。 Operating System Concepts
文件管理的目的 方便的文件访问和控制:以符号名称作为文件标识,便于用户使用; 并发文件访问和控制:在多道程系统中支持对文件的并发访问和控制; 统一的用户接口:在不同设备上提供同样的接口,方便用户操作和编程; 多种文件访问权限:在多用户系统中的不同用户对同一文件会有不同的访问权限; 优化性能:存储效率、检索性能、读写性能; 差错恢复:能够验证文件的正确性,并具有一定的差错恢复能力; Operating System Concepts
文件系统的结构 Operating System Concepts
文件管理的服务功能元素 (文件系统向上层用户提供的服务) 文件访问:文件的创建、打开和关闭,文件的读写; 目录管理:用于文件访问和控制的信息,不包括文件内容 文件结构管理:划分记录,顺序,索引 访问控制:并发访问和用户权限 限额(quota):限制每个用户能够建立的文件数目、占用外存空间大小等 审计(auditing):记录对指定文件的使用信息(如访问时间和用户等),保存在日志中 Operating System Concepts
文件系统的实现功能元素 (文件系统要实现的功能模块) 文件的分块存储:与外存的存储块相配合 I/O缓冲和调度:性能优化 文件定位:在外存上查找文件的各个存储块 外存存储空间管理:如分配和释放。主要针对可改写的外存如磁盘。 外存设备访问和控制:包括由设备驱动程序支持的各种基本文件系统如硬盘,软盘,CD ROM等 Operating System Concepts
11.1 File Concept (文件概念) Contiguous logical address space 相邻的逻辑地址空间 Types: Data numeric character binary Program Operating System Concepts
File Structure(文件结构) None - sequence of words, bytes(顺序的字和字节) Simple record structure(简单的记录结构) Lines (线性) Fixed length(固定长度) Variable length(可变长度) Complex Structures(复杂结构) Formatted document(规格化的文档) Re-locatable load file(可重定位文件) Can simulate last two with first method by inserting appropriate control characters. (可以用第一个方法通过增加适当的控制字符来模拟后两种方法) Who decides(需要决定) Operating system(操作系统) Program(程序) Operating System Concepts
11.1.1 File Attributes(文件属性) Name – only information kept in human-readable form. (文件名:唯一的以人们可以理解的方式保存的信息) Identifier – This unique tag, usually a number, identifies the file within the file system; it’s the non-human-readable name for the file Type – needed for systems that support different types. (类型:需要可以支持多种类型的系统) Location – pointer to file location on device. (位置:指向文件在设备上的存储位置的指针) Size – current file size. (大小:当前文件的大小) Protection – controls who can do reading, writing, executing. (保护:控制对文件的读取,改写和执行的权限) Time, date, and user identification – data for protection, security, and usage monitoring. (时间,日期和用户身份:保护和安全需要的数据) Information about files are kept in the directory structure, which is maintained on the disk. (文件的信息保存在磁盘上的目录结构中) Operating System Concepts
11.1.2 File Operations (文件操作) Create(创建): two steps: Find the space in the file system for the file Made an entry in the directory for the new file Write(改写): make a system call (specifying the name of the file and information to be written to the file) Keep a write pointer Read(读取): make a system call (specifying the name of the file and where (in memory) the next block of the file should be put) Keep a read pointer (current-file-position pointer) Reposition within file – also known as file seek(重定位文件,文件搜索) Delete(删除) Search the directory for the named file Release all file space Erase the directory entry Operating System Concepts
11.1.2 File Operations (文件操作) Truncate(截去): Erase the contents of a file but keep its attributes Open(Fi) – search the directory structure on disk for entry Fi, and move the content of entry to memory. (打开(Fi):在磁盘上的目录结构中搜寻Fi的表项,然后把表项的内容移动到内存中) the OS keep a small table containing information about all open files (the open-file table) Close (Fi) – move the content of entry Fi in memory to directory structure on disk. (关闭(Fi):把Fi在内存中的表项内容移动到磁盘中 Operating System Concepts
11.1.2 File Operations (文件操作) Information associated with an open file File pointer File open count Disk location of the file Access rights Operating System Concepts
11.1.3 File Types – Name, Extension Operating System Concepts
11.1.3 File Types MS-DOS :Include the type as part of the file name [fig.11.1] A name An extension TOPS-20: If the user tries to execute an object program whose source file has been modified since the object file was produced, the source file will be recompiled automatically. operating system Ensure the user always run an up-to-date object file Apple Macintosh: Each file has a type. Each file also has a creator attribute containing the name of the program that created it Unix: unable to provide such a feature above because it uses a crude magic number Operating System Concepts
11.1.5 Internal File Structure Logical record Physical record Packing technique (how to pack a number of logical records into physical blocks) Internal fragmentation The larger the block size, the greater the internal fragmentation Operating System Concepts
11.2 Access Methods Sequential Access(顺序存取) Direct Access (直接存取) Other Access Methods Index Multiple index Operating System Concepts
11.2.1 Sequential Access(顺序存取) Based on a tape model of a file read next(读下一个) write next (写下一个) reset(复位) no read after last write(未曾读取) (rewrite) Operating System Concepts
11.2.2 Direct Access(直接存取 or relative access ) Based on a disk model of a file. A file is made up of fixed-length logical records read n(读第n项纪录) write n(写第n项纪录) position to n(移动位置到第n项纪录) read next(读下一个) write next (写下一个) rewrite n(重写第n个纪录) n = relative block number(n为相对块数) Great use for immediate access to large amounts of information, such as databases Operating System Concepts
11.2.2 Direct Access(直接存取 or relative access ) It’s easy to simulate sequential access on a direct-access file But it’s extremely inefficient and clumsy to simulate a direct-access file on a sequential access file Operating System Concepts
11.2.3 Other Access Methods Index: like an index in the back of a book. To find a record in the file, we first search the index, and then use the pointer to access the file directly and to find the desired record Operating System Concepts
11.2.3 Other Access Methods With large files, the index file itself may become too large to be kept in memory. One solution: to create an index for the index file. For example, IBM’s indexed sequential-access method(ISAM) uses a small master index that points to disk blocks of a secondary index Operating System Concepts
11.3 Directory Structure(目录结构) A collection of nodes containing information about all files. (一个包含着所有文件信息的节点的集合) F 1 F 2 F 3 F 4 F n Directory Files Both the directory structure and the files reside on disk. (目录结构和文件都在磁盘上) Backups of these two structures are kept on tapes. (备份放在磁带上) Operating System Concepts
Fig 11.5 A Typical File-system Organization Operating System Concepts
Information in a Device Directory 设备目录中的信息 Name (名称) Type(类型) Address (地址) Current length(当前长度) Maximum length(最大长度) Date last accessed (for archival)(最后访问时间) Date last updated (for dump)(数据最后更新时间) Owner ID (who pays)(所有者ID) Protection information (discuss later)(保护信息) Operating System Concepts
Operations Performed on Directory 目录操作 Search for a file(查找文件) Create a file(建立文件) Delete a file(删除文件) List a directory(显示目录) Rename a file(重命名文件) Traverse the file system(遍历操作文件系统) Operating System Concepts
Organize the Directory (Logically) to Obtain 目录组织 Efficiency – locating a file quickly. 效率:快速地定位一个文件 Naming – convenient to users.(命名:方便用户) Two users can have same name for different files. (两个用户可以有相同名字的不同文件) The same file can have several different names. (相同的文件可以有不同的名字) Grouping – logical grouping of files by properties, (e.g., all Pascal programs, all games, …) 分组:从逻辑上对文件按属性进行分组,比如所有的Pascal程序,游戏 Operating System Concepts
11.3.1 Single-Level Directory 单级目录 A single directory for all users. Limitations: Naming problem 有命名冲突:如重名(多个文件有相同的文件名) 或别名(一个文件有多个不同的文件名) Grouping problem 文件多时,目录检索时间长; Operating System Concepts
11.3.2 Two-Level Directory 两级目录 Separate directory for each user. User file directory (UFD) Master file directory(MFD) Operating System Concepts
11.3.2 Two-Level Directory 两级目录 在根目录下,每个用户对应一个目录(第二级目录);在用户目录下是该用户的文件,而不再有下级目录。适用于多用户系统,每个用户可有自己的专用目录。 Path name Can have the same file name for different user Efficient searching No grouping capability Special user directory is defined to contain system files Default search path Most used in Unix and MS-DOS Operating System Concepts
11.3.3 Tree-Structured Directories 树型目录 Operating System Concepts
11.3.3 Tree-Structured Directories 树型目录 多级目录:或称为树型目录(tree-like)。在文件数目较多时,便于系统和用户将文件分散管理。适用于较大的文件系统管理。目录级别太多时,会增加路径检索时间。 目录名:可以修改。 目录树:中间结点是目录,叶子结点是目录或文件。 目录的上下级关系:当前目录(current directory, working directory)、父目录(parent directory)、子目录(subdirectory)、根目录(root directory)等; 路径(path):每个目录或文件,可以由根目录开始依次经由的各级目录名,加上最终的目录名或文件名来表示; Operating System Concepts
Tree-Structured Directories (Cont.) Efficient searching (有效的搜索) Grouping Capability (分组的可能) Current directory (working directory) (当前目录—工作目录) cd /spell/mail/prog type list Absolute or relative path name(绝对或相对路径名) Absolute path name Relative path name If Current directory: root/spell/mail and Absolute path name: root/spell/mail/prt/first Then the Relative path name: prt/first Operating System Concepts
Tree-Structured Directories (Cont.-1) Creating a new file is done in current directory.(建立新文件在当前路径下) Delete a file(删除一个文件) rm <file-name> Creating a new subdirectory is done in current directory.(建立新子目录在当前路径下) mkdir <dir-name> Example: if in current directory /mail mkdir count mail prog copy prt exp count Operating System Concepts
Tree-Structured Directories (Cont.-2 How to delete a directory, such as /mail? If a directory is empty, its entry in its containing directory can simply be deleted If a directory is not empty, there are two approaches: Can not delete a directory unless it’s empty. Such as MS-DOS Provide an option that all directory’s files and subdirectories are also to be deleted. Such as UNIX rm command It’s more convenient, but more dangerous Operating System Concepts
11.3.4 Acyclic-Graph Directories 无循环图结构目录 Have shared subdirectories and files. Operating System Concepts
Acyclic-Graph Directories (Cont. The implementation of shared files and subdirectories: To create a new directory entry, called a link ( a pointer to another file or subdirectory) To duplicate all information about them in both sharing directories. Thus, both entries are identical and equal Problem: difficult to maintain the consistency Deletion: possibly to exist dangling pointer Operating System Concepts
Acyclic-Graph Directories (Cont.) different file names may refer to the same file(aliasing)(别名:两个不同的名字) File/directory deletes may cause dangling pointer. Solutions:(解决方案) Deletion of a link does not need to affect the original file; only the link is removed. If the file entry is deleted, the space for the file is deallocated , leave the links dangling Another approach to deletion is to preserve the file until all references to it are deleted. Entry-hold-count solution (the number of references).(引用计数器的解决方案) Operating System Concepts
11.3.5 General Graph Directory (普通图结构目录) When we add links to an existing tree-structured directory, the tree structure is destroyed, resulting in a simple graph structure Operating System Concepts
General Graph Directory (Cont.) How do we guarantee no cycles?(如何保证无环) Allow only links to file not subdirectories. 只允许链接到文件而不允许链接到子目录 Garbage collection.(碎片收集) Every time a new link is added use a cycle detection algorithm to determine whether it is OK. 每次添加一个链接时都用一个检测算法判断是否不正确 Operating System Concepts
11.3.6 Windows FAT32目录结构 Windows98、2000长文件名的目录项由几个MS-DOS的32B目录项组成。 它用一个表项存放短文件名和这个文件或子目录的其它信息(包括MS-DOS FCB原有的簇号、文件大小,最后修改时间和最后修改日期,还有Windows98增加的创建时间、创建日期和最后存取日期),短文件名的属性是0x20。 用连续若干个表项存放长文件名,每个表项存放13个字符(使用Unicode编码,不论西文和汉字,每个字符一律占用2个字节。对西文第一个字节存ASCII码,第二个字节存0x00。) 长文件名的表项首字节的二进制数低5位值,分别为00001B 、00010B 、 00011B 、……,表示它们的次序,左起第2位为1(也就是在低5位基础上加40H)表示该表项是最后一项。最后项存放13个字符位置多余时,先用2个字节0表示结束,再用FFH填充。长文件名的属性是OFH。长文件名项的第13、27、28字节为0x00,第14字节为短文件名检验和。 长文件名The quick brown.fox(短文件名为THEQUI~1.FOX)目录项格式如下: Operating System Concepts
Windows FAT32目录结构 次序 Operating System Concepts
Windows FAT32目录结构 用Debug工具查根目录区找出其目录项显示如下: 2171:29A0 42 77 00 6E 00 2E 00 66-00 6F 00 0F 00 07 78 00 Bw.n...f.o....x. 2171:29B0 00 00 FF FF FF FF FF FF-FF FF 00 00 FF FF FF FF ................ 2171:29C0 01 54 00 68 00 65 00 20-00 71 00 0F 00 07 75 00 .T.h.e. .q....u. 2171:29D0 69 00 63 00 6B 00 20 00-62 00 00 00 72 00 6F 00 i.c.k. .b...r.o. 2171:29E0 54 48 45 51 55 49 7E 31-46 4F 58 20 00 3C C1 7B THEQUI~1FOX .<.{ 2171:29F0 6E 26 7B 27 00 00 23 51-63 26 F4 09 00 6A 02 00 n&{'..#Qc&...j.. Operating System Concepts
11.3.7 UNIX树型目录结构 UNIX为了加快目录的寻找速度,将文件控制块FCB中文件名和文件说明分开。文件说明为索引节点,各文件索引节点集中存放在索引节点区,索引节点按索引节点号排序。而文件名与索引节点号构成目录,UNIX S V 操作系统的文件名为14个字节,索引节点2个字节,共16个字节构成目录项。同一级目录构成目录文件,在文件区存放。 Linux目录文件中的目录项会变长,以保证系统支持文件名长度可变,最长达255个字符。目录项的前三项是定长的,包含以下信息:(1)索引节点号(4B);(2)目录项长度(2B);(3)文件名长度(2B)。目录项最后是文件名,目录项不能跨越二个块 。 Operating System Concepts
每个文件有一个存放在磁盘索引节点区的索引节点,称为磁盘索引节点,它包括以下内容: UNIX树型目录结构-1 每个文件有一个存放在磁盘索引节点区的索引节点,称为磁盘索引节点,它包括以下内容: 文件主标识符和同组用户标识符; 文件类型:是普通文件、目录文件、符号连接文件或特别文件(又分块设备文件或字符设备文件); 文件主,同组用户和其它人对文件存取权限(读R、写W、执行X); 文件的物理地址,用于UNIX直接、间接混合寻址的13个地址项di_addr[13]; 文件长度(字节数)di_size; 文件链接数di_nlink; 文件最近存取和修改时间等。 UNIX采用文件名和文件说明分离的目录结构如下图所示: Operating System Concepts
UNIX树型目录结构-2 ls 返8 I=1 bin boot unix usr mnt etc tmp dey 2 3 4 5 I=2 2 3 4 5 I=2 I=5 10 dir I=10 返8 Operating System Concepts
11.4 File System Mounting (文件系统安装) A file system must be mounted before it can be accessed, just as a file must be opened before it’s used. 文件系统在访问前必须安装 A unmounted file system (I.e. Fig. 11-11(b)) is mounted at a mount point. 图11-11 根据安装指针一个未安装文件系统被安装 Mount procedures安装步骤: Given the name of device and the location within the file structure (mount point, typically an empty directory) OS verify that the device contains a valid file system OS notes a file system is mounted (Fig.11.12) Common commands: mount, unmoumt Operating System Concepts
Fig 11.11 (a) Existing. (b) Unmounted Partition(reside on /device/dsk) Operating System Concepts
Mount Point Operating System Concepts
Same file system may be mounted repeatedly, at different mount point Macintosh OS: Whenever the system encounters a disk for the first time, the OS searches for a file system on the device. If it find one, it automatically mounts the file system at the root device Microsoft Windows: Maintain an extended two-level directory structure, with device and partitions with assigned a drive letter. Drive-letter:\path\to\file Unix: The mount commands are explicit Operating System Concepts
11.5 File Sharing (文件共享) 11.5.1 Multiple Users Sharing of files on multi-user systems is desirable. 在多用户系统中对文件共享是需要的。 11.5.2 Remote File Systems 11.5.2.1 The Client –Server Model 11.5.2.2 Distributed Information System 11.5.2.3 Failure Modes 11.5.3 Consistency Semantics 11.5.4 UNIX Semantics 11.5.6 Immutable-Shared-Files Semantics Operating System Concepts
File Sharing (Cont.) Sharing may be done through a protection scheme. 共享是通过保护机制实现的。 On distributed systems, files may be shared across a network. 在分布式系统中,文件可以通过网络共享。 Network File System (NFS) is a common distributed file-sharing method. 网络文件系统(NFS)是一种通用的分布式文件共享方法。 Operating System Concepts
11.5.1 Multiple Users File sharing, file naming and file protection are important Implement– maintain more file and directory attributes File/directory owner( or user) and group Example Unix: owner, group, universe User indetifiers (user IDs) (Security ID, SID in Windows NT) Group indentifiers When a user requests an operation on a file, the user ID is checked. Likewise, the group IDs Operating System Concepts
11.5.2 Remote File Systems File-sharing methods have changed First, users manually transfer files between machines via program like ftp (anonymous or authenticated access) Secondly, Distributed File System(DFS) in which remote directories are visible Recently, World Wide Web The Client-Server Model Client identification is more difficult IP address, (can be imitated) Unauthorized client can spoof(欺骗) the server Solution: encrypted key Problem: secure key exchanges Operating System Concepts
11.5.2 Remote File Systems Distributed Information Systems Distributed naming services Domain name system(DNS) Other systems provide user name/password/user ID/group ID space Unix Sun Microsystems: yellow pages (network information service, NIS) Unsecure authentication methods(including user password unencrypted) NIS+ is more secure Microsoft networks(CIFS): network login (user name and password) Naming technology: Domains Active directory Operating System Concepts
11.5.2 Remote File Systems 趋势 : Lightweight directory-access protocol (LDAP) as a secure, distributed naming mechanism Can store all user and resource information for all computers within an organization Result : secure single sign-on for users enter user information once for access to all computers within then organization Ease system administration Active directory is based on LDAP Solaris 8 allow LDAP to be used for user authentication Operating System Concepts
11.5.2 Remote File Systems Failure Modes Local file system can fail for a variety of reasons (called metadata元数据) Failure of the disk Corruption of the directory structure Disk controller failure Cable or host adapter failure … Redundant Arrays of Inexpensive Disks(RAID) to prevent the loss of disk data Remote file systems have more failure modes Hardware failure, mis-configuration, network issues System could either terminate all operations or delay operations How to recovery from failure? State infomation, stateless DFS Operating System Concepts
11.5.3 Consistency Semantics Consistency semantics(语义) is an important criterion for evaluating any file system that supports file sharing It is directly related to the process synchronization algorithms A series of file accesses( reads and writes) attempted by a users to the same file is always enclosed between the open and close operations. --- a file session Followings are some examples concern consistency: 1. Unix Semantics Write to an open file by a user is visible immediately to other users that have this file open at the same time One mode of sharing allows users to share the pointer of current location into the file A file is associated with a single physical image that is accessed as an exclusive resource Operating System Concepts
11.5.3 Consistency Semantics 2. Session Semantics (the Andrew file system) Write to an open file by a user are not visible immediately to other users that have this file open at the same time Once a file is closed, the changes made to it are visible only in sessions starting later. Already open instances of the file do not reflect these changes A file may be associated with several images at the same time 3. Immutable(不可改变的)-Shared-Files Semantics Once a file is declared as shared by its creator, it cannot be modified Two key properties: Its name may not be reused Its contents may not be altered Operating System Concepts
UNIX 文件共享 一、基于索引节点的共享方式 采用文件名和文件说明分离的目录结构有利于实现文件共享。列出当前目录的子目录和文件命令ls 是放在/bin子目录下,而/usr/bin子目录下可设置一个 DOS兼容的命令dir,这增加的命令实为执行ls命令。为了共享文件,只是在二个不同子目录下取了不同的文件名ls和dir,但它们具有相同的索引节点。UNIX这种文件的结构称为树形带勾连的目录结构。在文件的索引节点中有一个量di_nlink表示连接到该索引节点上的连接数;在用命令“ls -l”长列表显示时,文件的第2项数据项表示链接数;使用命令“ln”可给一已存在文件增加一个新文件名,即文件链接数增加1,此种链接不能跨越文件系统。用硬连接格式如下: $ln /opt/k/sco/unix/5.0.4Eb/bin/ls /usr/lx20/dir $ls –l dir -r-xr-xr-t 2 bin bin 43296 May 13 1997 dir Operating System Concepts
二、利用符号连接 采用二个文件目录表目指向同一个索引节点的连接称为文件硬连接,文件硬连接不利于文件主删除它拥有的文件,因为文件主要删除它拥有的共享文件,必须首先删除(关闭)所有的硬连接,否则就会造成共享该文件的用户的目录表目指针悬空。为此又提出另一种连接方法 符号连接。系统为共享的用户创建一个link类型的新文件,将这新文件登记在该用户共享目录项中,这个link型文件包含连接文件的路径名。该类文件在用ls命令长列表显示时,文件类型为l。 当用户要访问共享文件且正要读link型新文件时,操作系统根据link文件类型性质将文件读出的内容作为路径名去访问真正的共享文件。在UNIX中也是使用ln来建立符号连接的共享文件,这时命令为ln -s。 Operating System Concepts
$ln -s /opt/k/sco/unix/5.0.4Eb/bin/ls /usr/lx20/dir $ls –l dir 利用符号连接 如用符号连接格式如下: $ln -s /opt/k/sco/unix/5.0.4Eb/bin/ls /usr/lx20/dir $ls –l dir lrwxrwxrwx 1 lx20 group 30 Dec 27 13:34 dir -> /opt/K/SCO/Unix/5/0/4Eb/bin/ls 采用符号连接可以跨越文件系统,甚至可以通过计算机网络连接到世界上任何地方的机器中的文件,此时只需提供该文件所在的地址,以及在该机器中的文件路径。 符号连接的缺点:读取符号连接的共享文件比读取硬连接的共享文件需要增多读盘操作。读符号连接的共享文件时,系统中根据给定的文件路径名,逐个分量地去查找目录,通过多次读盘操作才能找到该文件的索引节点,而用硬连接的共享文件的目录文件表目中已包括了共享文件的索引节点号。 Operating System Concepts
11.6 Protection(保护) We want to keep file system safe from Physical damage (reliability) Improper access (protection) File owner/creator should be able to control (文件所有者应当有权限控制:) what can be done(去做什么) by whom(由谁来做) Single-user system Simple:removing the floppy disks or locking them in a desk drawer Multi-user system Complicated Operating System Concepts
11.6.1 Type of Access Types of access(访问类型) Other operations Read(读) Write(写) Execute(执行) Append(添加) Delete(删除) List(列表) Other operations Rename Copy Edit Operating System Concepts
11.6.2 Access Control Access-Control List (ACL) for each file and directory Construct such a list may be a tedious and unrewarding task Difficult to manage directory entry space(size) Improve: condense the length of the ACL Owner Group Universe The most common approach: to combine ACLs with the more general owner,group and universe access-control scheme In Unix system, define 3 fields of 3 bits each– rwx 19 -rw-r--r--+ 1 jim staff 130 May 25 22:13 file1 Operating System Concepts
Access Lists and Groups (访问列表或分组) Mode of access: read, write, execute访问模式:读写执行) Three classes of users(三种类型的用户) RWX a) owner access (所有者)7 1 1 1 RWX b) groups access(组用户)6 1 1 0 c) public access(公共用户)1 0 0 1 Ask manager to create a group (unique name), say G, and add some users to the group.(建立一个组,加入一些用户) For a particular file (say game) or subdirectory, define an appropriate access.(对特定文件或目录,定义适当的访问) owner group public chmod 761 game Attach a group to a file(加入组的信息到文件) chgrp G game Operating System Concepts
11.6.3 Other Protection Approaches A password with each file Directory protection Operating System Concepts
11.6.4 An Example: Unix In Unix system, directory protection is handled similarly to file protection See figure 11.13 in the book Operating System Concepts
Exercises 3, 7, 12 Operating System Concepts