Protection in File System
In computer systems, alot of user’s information is stored, the objective of the operating system is to keep safe the data of the user from the improper access to the system. Protection can be provided in number of ways. For a single laptop system, we might provide protection by locking the computer in a desk drawer or file cabinet. For multi-user systems, different mechanisms are used for the protection.
Types of Access :
The files which have direct access of the any user have the need of protection. The files which are not accessible to other users doesn’t require any kind of protection. The mechanism of the protection provide the facility of the controlled access by just limiting the types of access to the file. Access can be given or not given to any user depends on several factors, one of which is the type of access required. Several different types of operations can be controlled:
- Read –
Reading from a file.
- Write –
Writing or rewriting the file.
- Execute –
Loading the file and after loading the execution process starts.
- Append –
Writing the new information to the already existing file, editing must be end at the end of the existing file.
- Delete –
Deleting the file which is of no use and using its space for the another data.
- List –
List the name and attributes of the file.
Operations like renaming, editing the existing file, copying; these can also be controlled. There are many protection mechanism. each of them mechanism have different advantages and disadvantages and must be appropriate for the intended application.
Access Control :
There are different methods used by different users to access any file. The general way of protection is to associate identity-dependent access with all the files and directories an list called access-control list (ACL) which specify the names of the users and the types of access associate with each of the user. The main problem with the access list is their length. If we want to allow everyone to read a file, we must list all the users with the read access. This technique has two undesirable consequences:
Constructing such a list may be tedious and unrewarding task, especially if we do not know in advance the list of the users in the system.
Previously, the entry of the any directory is of the fixed size but now it changes to the variable size which results in the complicates space management. These problems can be resolved by use of a condensed version of the access list. To condense the length of the access-control list, many systems recognize three classification of users in connection with each file:
- Owner –
Owner is the user who has created the file.
- Group –
A group is a set of members who has similar needs and they are sharing the same file.
- Universe –
In the system, all other users are under the category called universe.
The most common recent approach is to combine access-control lists with the normal general owner, group, and universe access control scheme. For example: Solaris uses the three categories of access by default but allows access-control lists to be added to specific files and directories when more fine-grained access control is desired.
Other Protection Approaches:
The access to any system is also controlled by the password. If the use of password are is random and it is changed often, this may be result in limit the effective access to a file.
The use of passwords has a few disadvantages:
- The number of passwords are very large so it is difficult to remember the large passwords.
- If one password is used for all the files, then once it is discovered, all files are accessible; protection is on all-or-none basis.