1. 10.1 Silberschatz, Galvin and Gagne ©2005 Operating System Principles 10.4 File System Mounting A file system must be mounted before it can be accessed A unmounted file system (i.e. Fig. 10-11(b)) is mounted at a mount point existing unmounted volume mount point

2. 10.2 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Mount Point 1. The OS is first given the name of the device and the mount point 2. The OS verifies that the device contains a valid file system Read the device directory and verify the directory format 3. The OS notes in the directory structure that a file system is mounted at the specified mount point 4. If the volume is unmounted, the file system is restored to the situation before mounting OS may impose semantics to clarify functionality May disallow a mount over a directory containing files; or may obscure the directory’s existing files until the file system is unmounted May allow the same file system to be mounted repeatedly, at different mount points; or it may allow only one mount per file system

3. 10.3 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Mount Examples Macintosh searches for a file system on a disk first encountered. If found, the file system is auto-mounted at the root level Windows OS maintains an extended two-level directory structure, with devices and volumes assigned drive letters. Recent Windows allow a file system to be mounted anywhere in the directory tree Windows auto-discover all devices and mount all located file systems at boot time Unix has explicit mount commands

4. 10.4 Silberschatz, Galvin and Gagne ©2005 Operating System Principles 10.5 File Sharing Sharing of files on multi-user systems is desirable Sharing may be done through a protection scheme On distributed systems, files may be shared across a network Network File System (NFS) is a common distributed file-sharing method

5. 10.5 Silberschatz, Galvin and Gagne ©2005 Operating System Principles File Sharing – Multiple Users File sharing, file naming, and file protection are important in multiple-user systems The system may allow a user to access other user’s files by default or it may require specific access grant Most systems use the concept of file owner and group, as file attributes, to implement file sharing and protection User IDs identify users, allowing permissions and protections to be per-user Group IDs allow users to be in groups, permitting group access rights

6. 10.6 Silberschatz, Galvin and Gagne ©2005 Operating System Principles File Sharing – Remote File Systems Uses networking to allow file system access between systems Manually via programs like FTP  Both anonymous and authenticated access Automatically, seamlessly using distributed file systems, in which remote directories are visible from a local machine Semi automatically via the world wide web, where a browser is needed to access remote files, and separate operations (a wrapper for ftp) are used to transfer files

7. 10.7 Silberschatz, Galvin and Gagne ©2005 Operating System Principles The Client-Server Model Client-server model allows clients to mount remote file systems from servers Server can serve multiple clients Client, specified by a network name or IP address, and user-on-client identification is insecure or complicated (by encryption) NFS is standard UNIX client-server file sharing protocol  User’s ID on the client and server must match  Once the remote file system is mounted, file operation requests are sent on behalf of the user across the network to the server via the DFS protocol  Standard operating system file calls are translated into remote calls

8. 10.8 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Distributed Information Systems Also known as distributed naming services LDAP, DNS, NIS (network information service, yellow pages), Active Directory implement unified access to information needed for remote computing In Windows CIFS (common internet file system), network information is used with user authentication to create a network login. A newer version is called active directory. One distributed LDAP (lightweight directory-access protocol) could be used by an organization to store all user and resource information for all organization’s computers. The result is secure single sign-on for users. Skip 10.5.2.3, 10.5.3

9. 10.9 Silberschatz, Galvin and Gagne ©2005 Operating System Principles 10.6 Protection Reliability is to keep the computer system from physical damage. (Chapter 12) Protection is to keep it from improper access. File owner/creator should be able to control: what can be done by whom Basic types of controlled access Read Write Execute Append Delete List Other high-level functions, like copying and editing files may be implemented by making lower-level system calls

10. 10.10 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Access Control Lists Mode of access: read, write, execute Three classes of users r w x a) owner access 7  1 1 1 r w x b) group access 6  1 1 0 r w x c) public access1  0 0 1 Ask manager to create a group (unique name), say G, and add some users to the group. For a particular file (say game) or subdirectory, define an appropriate access. ownergrouppublic chmod761game Attach a group to a file chgrp G game

11. 10.11 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Windows XP Access-control List Management

12. 10.12 Silberschatz, Galvin and Gagne ©2005 Operating System Principles A Sample UNIX Directory Listing

13. 10.13 Silberschatz, Galvin and Gagne ©2005 Operating System Principles Other Protection Approaches Associate a password with each file Disadvantages  The number of passwords that a user needs to remember  If only one password is used for all the files, then protection is on an all-or-none basis – Some system allow the user to associate a password with a directory Adding protection mechanisms to single-user OS is difficult Directory protection Control the creation and deletion of files in a directory Control whether a user could check the existence of a file in a directory. (Listing the contents of a directory)