File Sharing and Protection

FILE SHARING AND PROTECTION

1. MULTIPLE USERS:

When an operating system accommodates multiple users, the issues of file sharing, file naming and file protection become preeminent.

ü The system either can allow user to access the file of other users by default, or it may require that a user specifically grant access to the files.

ü These are the issues of access control and protection.

ü To implementing sharing and protection, the system must maintain more file and directory attributes than a on a single-user system.

ü The owner is the user who may change attributes, grand access, and has the most control over the file or directory.

ü The group attribute of a file is used to define a subset of users who may share access to the file.

ü Most systems implement owner attributes by managing a list of user names and associated user identifiers (user Ids).

ü When a user logs in to the system, the authentication stage determines the appropriate

user ID for the user. That user ID is associated with all of user’s processes and threads. When they need to be user readable, they are translated, back to the user name via the user name list.

ü Likewise, group functionality can be implemented as a system wide list of group names and group identifiers.

ü   Every user can be in one or more groups, depending upon operating system design

decisions. The user’s group Ids is also included in every associated process and thread.

0.     Remote File System:

· Networks allowed communications between remote computers.

· Networking allows the sharing or resource spread within a campus or even around the world. User manually transfer files between machines via programs like ftp.

· A distributed file system (DFS) in which remote directories is visible from the local machine.

· The World Wide Web: A browser is needed to gain access to the remote file   and

separate operations (essentially a  wrapper for ftp) are used  to transfer files.

a)    The client-server Model:

            Remote file systems allow a computer to a mount one or more file systems from one or more remote machines.

            • A  server  can  serve multiple  clients,  and  a  client  can use multiple servers, depending on the implementation details of a given client –server facility.

            • Client  identification  is more  difficult.  Clients  can  be  specified by  their network name or other identifier, such as IP address, but these can be spoofed (or imitate). An unauthorized client can spoof the server into deciding that it is authorized, and the unauthorized client could be allowed access.

b) Distributed Information systems:

·        Distributed information systems, also known as distributed naming service, have been devised to provide a unified access to the information needed for remote computing.

·        Domain name system (DNS) provides host-name-to-network address translations for their entire Internet (including the World Wide Web). Before DNS was invented and became widespread, files containing the same information were sent via e-mail of ftp between all networked hosts.

c) Failure Modes:

·        Redundant arrays of inexpensive disks (RAID) can prevent the loss of a disk from resulting in the loss of data.

Remote file system has more failure modes. By nature of the complexity of networking system and the required interactions between remote machines, many more problems can interfere with the proper operation of remote file systems.

 d) Consistency Semantics:

o   It is characterization of the system that specifies the semantics of multiple users accessing a shared file simultaneously.

o   These semantics should specify when modifications of data by one user are observable by other users.

o   The semantics are typically implemented as code with the file system.

o   A series of file accesses (that is reads and writes) attempted by a user to the same file is always enclosed between the open and close operations.

o   The series of access between the open and close operations is a file session.

(i) UNIX Semantics:

The UNIX file system uses the following consistency semantics:

1. Writes to an open file by a user are visible immediately to other users that have this file open at the same time.

2. One mode of sharing allows users to share the pointer of current location into the file. Thus, the advancing of the pointer by one user affects all sharing users.

(ii) Session Semantics:

The Andrew file system (AFS) uses the following consistency semantics:

1. Writes to an open file by a user are not visible immediately to other users that have the same file open simultaneously.

2. Once a file is closed, the changes made to it are visible only in sessions starting later. Already open instances of the file do not reflect this change.

(iii) Immutable –shared File Semantics:

o   Once a file is declared as shared by its creator, it cannot be modified.

o   An immutable file has two key properties:

o   Its  name may not be reused and its contents may not be altered.