Topic: Access Control in File Systems

What is the point of this lecture? When choosing a file system implementation you must find the best balance between reliability and performance. Also discussed: "Access control lists are a more intuitive device for controlling access privileges to files/directories."

The access control matrix is a table that relates subjects, objects, and the type of operations subjects can perform on objects. For example:

           O1     O2     O3     O4     O5
    S1 |   rw     r      rwx    r      r     |
    S2 |   rwx    rw     r      rw     rx    |
    S3 |   rwx    r      rwx    rx     rw    |
    S4 |   r      rwx    r      rwx    r     |
       |_______________________________________|

When recorded on disk, this table could be recorded one of two ways:
  1. Objects and the rights to access them (Access Control List)
  2. Subjects and their rights (Capability List)
Each of these representations has its advantages and disadvantages.

Access Control List (ACL)
  - each file has its access-right information written with it.
  - works at the object level.
  - pros: easy to check which users are able to access a given file;
          easier to express, a natural way of thinking about objects;
          scales up well, works efficiently with distributed systems.
  - cons: difficult to grant/remove rights for a user on all files.

Capability List
  - each user account stores its file access information.
  - works at the subject level.
  - pros: good for granting rights to a user.
  - cons: difficult to remove a right on a particular file because you need to enumerate across all users.

Overall, ACLs are more commonly used because most of the time people are interested in checking the rights to access a particular file.

How does the ACL work in Unix? Associated with each file are 9 bits. 3 of these bits represent Read permission, Write permission and Execute permission. These three bits are used in three categories which determine what "everyone" can do to that file, what "everyone in this group" can do to that file and what "the owner" of this file can do to it.
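The following is an added example, not part of the lecture notes. It stores the access control matrix above both ways (as per-object ACLs and as per-subject capability lists) and implements the operations the notes call cheap or expensive for each layout, so the pros/cons can be seen as work done per operation. The subject/object names and rights come from the matrix in the notes; the function names are the example's own.

```python
"""Access control matrix stored as ACLs (per object) and as capability
lists (per subject), with the operations each layout makes cheap or costly.
Constructed example: names and rights are taken from the lecture's matrix."""

# Row = subject, column = object, cell = operations the subject may perform.
MATRIX = {
    "S1": {"O1": "rw",  "O2": "r",   "O3": "rwx", "O4": "r",   "O5": "r"},
    "S2": {"O1": "rwx", "O2": "rw",  "O3": "r",   "O4": "rw",  "O5": "rx"},
    "S3": {"O1": "rwx", "O2": "r",   "O3": "rwx", "O4": "rx",  "O5": "rw"},
    "S4": {"O1": "r",   "O2": "rwx", "O3": "r",   "O4": "rwx", "O5": "r"},
}


def to_acl(matrix):
    """Column-wise storage: each object carries {subject: rights}.
    This is what a file system keeps alongside each file."""
    acl = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acl.setdefault(obj, {})[subject] = set(rights)
    return acl


def to_capabilities(matrix):
    """Row-wise storage: each subject carries {object: rights}."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def acl_check(acl, subject, obj, op):
    """The common case, 'may subject do op on this file?', needs only the
    one list stored with the file."""
    return op in acl.get(obj, {}).get(subject, set())


def acl_who_can(acl, obj, op):
    """Cheap with an ACL: every subject allowed op on one object."""
    return sorted(s for s, rights in acl.get(obj, {}).items() if op in rights)


def acl_revoke_everywhere(acl, subject, op):
    """Costly with an ACL: removing one subject's right on ALL objects means
    visiting every object's list. Returns how many objects were touched."""
    touched = 0
    for obj_rights in acl.values():
        rights = obj_rights.get(subject)
        if rights and op in rights:
            rights.discard(op)
            touched += 1
    return touched


def cap_grant(caps, subject, objs, op):
    """Cheap with capabilities: granting one subject a right on many objects
    touches only that subject's list."""
    for obj in objs:
        caps.setdefault(subject, {}).setdefault(obj, set()).add(op)
    return caps[subject]


def cap_revoke_on_object(caps, obj, op):
    """Costly with capabilities: revoking a right on ONE object means
    enumerating every subject's list. Returns the subjects that lost it."""
    lost = []
    for subject, row in caps.items():
        if obj in row and op in row[obj]:
            row[obj].discard(op)
            lost.append(subject)
    return sorted(lost)


if __name__ == "__main__":
    acl = to_acl(MATRIX)
    caps = to_capabilities(MATRIX)
    print("who can write O4:", acl_who_can(acl, "O4", "w"))
    print("may S3 execute O3?", acl_check(acl, "S3", "O3", "x"))
    print("objects visited to revoke S2's w:", acl_revoke_everywhere(acl, "S2", "w"))
    print("subjects visited to revoke x on O1:", cap_revoke_on_object(caps, "O1", "x"))
```

Running it shows the asymmetry the notes describe: the per-file questions are a single dictionary lookup with the ACL, while revoking one user's right across the disk visits every file's list; with capability lists the situation is reversed.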
Example:

                     World    Group    User (Owner)
    Value (dec)      4        4        6
    Value (binary)   100      100      110
    Meaning          (read)   (read)   (read & write)

In the above example, the world and everyone in the group associated with this file have read permission only. The user, or owner, of this file has read and write permission.

There is a file (/etc/group) that holds all the groups available on the current system. There is another file (/etc/passwd) that holds the user information; this is also where the users' groups are recorded. The groups make it easier to give certain users special privileges over everyone else, without having to go through and search for all the users.

The same thing is used for access privileges to directories. Read privilege means a user/group/everyone has the privilege to list the contents of this directory. Write means a user/group/everyone has the privilege to write to a file in this directory. Execute means a user/group/everyone has the privilege to access a file (by filename) in this directory.

Example:

                     World    Group           User (Owner)
    Value (dec)      4        6               7
    Value (binary)   100      110             111
    Meaning          (read)   (read & write)  (read, write & execute)

Here we see that everyone can at least list the contents of this directory. Those that belong to the group associated with this directory can list the contents of this directory and write to a file in this directory. The user (owner) of this directory can do anything it wants.

New topic: File System Implementation Issues

The OS views the disk as a device that completes requests. The OS maintains a request queue and a finished queue. When there is a disk write/read request, the OS places that request on the request queue. Although this request queue could be managed by the disk controller, it is maintained by the OS because of access priorities and scheduling.

Because mechanical latencies cause disk access to be very slow, we need to find a way to improve the performance of the disk. One way is to use different scheduling methods (covered in homework 4).
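The following is an added example, not part of the lecture notes. It decodes the 9 permission bits and applies the Unix rule that exactly one category (owner, else group, else world) is consulted for a given requester. The two modes are the ones from the notes' tables (World/Group/User 4 4 6 and 4 6 7); the uids, gids and the `rwx_from_notes`, `describe` and `may_access` helpers are the example's own. Note that the notes list the columns as World, Group, User, which is the reverse of the order the bits appear in an octal mode such as 0644 (user, group, world).

```python
"""Decoding Unix permission bits and applying the owner/group/world check.
Constructed example: modes come from the lecture's tables, uids/gids are made up."""
import stat

# The three categories in octal-mode order (user, group, world), each with its
# read, write and execute bit from the standard library's stat module.
CLASSES = (
    ("user",  stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    ("group", stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    ("world", stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
)


def rwx_from_notes(world, group, user):
    """Build an octal mode from the notes' World/Group/User decimal digits."""
    return (user << 6) | (group << 3) | world


def describe(mode):
    """Return {category: 'rwx'-style string} for the 9 permission bits."""
    out = {}
    for name, r, w, x in CLASSES:
        out[name] = ("r" if mode & r else "-") + \
                    ("w" if mode & w else "-") + \
                    ("x" if mode & x else "-")
    return out


def may_access(mode, owner_uid, owner_gid, uid, gids, op):
    """Classic Unix check: pick exactly ONE category for the requester
    (owner, else member of the file's group, else world) and test the
    requested op against that category only. Being in the group does not
    help an owner whose own bits deny the operation."""
    bit_index = {"r": 1, "w": 2, "x": 3}[op]
    if uid == owner_uid:
        cls = CLASSES[0]
    elif owner_gid in gids:
        cls = CLASSES[1]
    else:
        cls = CLASSES[2]
    return bool(mode & cls[bit_index])


if __name__ == "__main__":
    file_mode = rwx_from_notes(4, 4, 6)   # first table in the notes
    dir_mode = rwx_from_notes(4, 6, 7)    # second table in the notes
    print(oct(file_mode), describe(file_mode))
    print(oct(dir_mode), describe(dir_mode))
    # owner uid 1000 / gid 100 (constructed); a group member is uid 1001
    print("group member may execute dir?", may_access(dir_mode, 1000, 100, 1001, {100}, "x"))
    # edge case: owner bits deny, group bits allow -> owner is still denied
    print("owner with mode 0o077 may read?", may_access(0o077, 1000, 100, 1000, {100}, "r"))
```

The last line is the check a practitioner most often gets wrong: the categories are not cumulative, so a file whose owner bits are empty is unreadable by its owner even when the group or world bits would allow it.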
There are several ways to improve the performance of disks in addition to scheduling. One of these is disk layout.

Disk Layout:
  - disks are made up of blocks (the block size often matches the page size because of page in/outs)
  - Two types of data on disk:
      1. Meta data: describes the normal data and is only visible to the OS.
      2. Data: what we normally refer to as data, the content of files.

Between the two, meta data is more important. If the meta data is gone, there is no way to access the normal data. There could be additional levels of meta data: meta data that describes other meta data. Without meta data the OS doesn't know anything about the files on the disk, so there is top-level meta data stored at a location known to the OS. This top-level meta data is called the Master Boot Record (MBR), Root Inode, File Allocation Table (FAT), etc. Because you DO NOT want to lose these, they are stored in multiple locations in case of a partial disk failure.

Two factors that we have to take into consideration when looking at a disk layout are Reliability and Performance (R and P).

1. Contiguous Layout:
  - allocate data in sequence, treat the disk as memory.
  - problem: external fragmentation after adding/removing.
  - pros: fast, simplifies directory access.
  - P: good --> because it's fast
  - R: good --> if one area of the disk fails, the files that are affected are minimal

2. Linked Structure:
  - each block points to the next block; the directory points to the first.
  - P: good for sequential access, bad otherwise
  - R: bad --> if one block in the middle fails, the data after that block is lost

3. Indexed Structure:
  - an "index block" contains pointers to many other blocks.
  - P: better for random access.
  - R: good
  - may need multiple index blocks if the size of the file gets large.
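The following is an added example, not part of the lecture notes. It is a toy simulation of the three layouts above, measuring the two properties the notes grade them on: performance, as the number of block reads needed to reach logical block i of a file, and reliability, as which logical blocks survive the failure of one physical block. The physical block numbers, the five-block file and the class and function names are constructed for the illustration.

```python
"""Toy simulation of contiguous, linked and indexed file layouts, scored on
block reads per random access and on data surviving a single-block failure.
Constructed example: block numbers and the 5-block file are made up."""

FILE_BLOCKS = 5   # the simulated file has logical blocks 0..4


class Contiguous:
    """Logical block i lives at physical block start + i."""
    def __init__(self, start):
        self.start = start

    def reads_to_fetch(self, i):
        return 1                              # address is computed, one read

    def survives(self, failed):
        # Only the logical block that sat on the failed physical block is lost.
        return {i for i in range(FILE_BLOCKS) if self.start + i != failed}


class Linked:
    """Directory points to the first block; each block stores the physical
    number of the next one, so the chain must be walked in order."""
    def __init__(self, chain):
        self.chain = list(chain)              # physical block per logical block

    def reads_to_fetch(self, i):
        return i + 1                          # walk i pointers, then the block

    def survives(self, failed):
        alive = set()
        for i, phys in enumerate(self.chain):
            if phys == failed:
                break                         # the pointer onward died with it
            alive.add(i)
        return alive


class Indexed:
    """One index block holds the physical numbers of all data blocks."""
    def __init__(self, index_block, data_blocks):
        self.index_block = index_block
        self.data = list(data_blocks)

    def reads_to_fetch(self, i):
        return 2                              # read the index, then the block

    def survives(self, failed):
        if failed == self.index_block:
            return set()                      # lose the index, lose the file
        return {i for i, phys in enumerate(self.data) if phys != failed}


def compare(failed_physical, logical_to_read):
    """Score every layout on one failure and one random read. All three
    layouts place logical block 2 on physical block 12 so the failure is
    comparable across them."""
    layouts = {
        "contiguous": Contiguous(start=10),                       # physical 10..14
        "linked": Linked(chain=[10, 37, 12, 41, 15]),             # scattered chain
        "indexed": Indexed(index_block=9, data_blocks=[10, 37, 12, 41, 15]),
    }
    return {name: (lay.reads_to_fetch(logical_to_read),
                   sorted(lay.survives(failed_physical)))
            for name, lay in layouts.items()}


if __name__ == "__main__":
    # physical block 12 (logical block 2) fails; then fetch logical block 4
    for name, (reads, alive) in compare(12, 4).items():
        print(f"{name:10s} reads to fetch block 4: {reads}   survives: {alive}")
    print("indexed layout after losing its index block:", compare(9, 0)["indexed"][1])
```

The output matches the notes' grades: the linked structure needs five reads to reach block 4 and loses blocks 2, 3 and 4 when block 2 fails, the contiguous and indexed layouts lose only block 2, and the indexed layout pays one extra read per random access. The last line shows the caveat the notes imply for top-level meta data: the index block is itself meta data, and losing it loses the whole file, which is why such blocks are the ones worth storing in more than one place.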