File Attributes
A file is named for the convenience of its human users, and is referred to by its name. A file's
attributes vary from one operating system to another. The attributes of a file are:
o Name - The symbolic file name is the only information kept in human readable form.
Some special significance is given to names, and particularly extensions (.exe, .txt, etc.).
o Identifier – A unique number that identifies the file within the file system.
o Type – Type of the file, like text, executable, another binary, etc.
o Location - Location of the file on that device.
o Size - The current size of the file (in bytes, words, or blocks).
o Protection - Access-control information (reading, writing, executing).
o Time, date, and user identification – These data can be useful for protection, security,
and usage monitoring.
File Operations
The operating system provides system calls to create, write, read, reposition, delete,
and truncate files.
Creating a file - Two steps are necessary to create a file:
● Find space in the file system for the file.
● Make an entry for the new file in the directory.
Writing a file - To write a file, the system call specifies both the name of the file and the
information to be written to the file. Given the name of the file, the system searches the
directory to find the file's location. The system must keep a write pointer to the location in the
file where the next write is to take place. The write pointer must be updated whenever a write
occurs.
Reading a file - To read from a file, the system call specifies the name of the file and where
the next block of the file should be put. The directory is searched for the file, and the system
needs to keep a read pointer to the location in the file where the next read is to take place. Once
the read has taken place, the read pointer is updated.
Repositioning within a file - The directory is searched for the file, and the file pointer is
repositioned to a given value. This file operation is also known as a file seek.
Deleting a file – To delete a file, search the directory for the file. Release all file space, so that it
can be reused by other files, and erase the directory entry.
Truncating a file - The user may want to erase the contents of a file but keep its attributes.
Rather than forcing the user to delete the file and then recreate it, this function allows all
attributes to remain unchanged – except for file length.
Access Methods
The file information is accessed and read into computer memory. The information in the file can
be accessed in several ways.
a) Sequential Access
Here information in the file is processed in order, one record after the other.
This mode of access is a common method; for example, editors and compilers usually
access files in this fashion.
A sequential access file emulates magnetic tape operation, and generally supports a
few operations:
o read next - read a record and advance the file pointer to the next position.
o write next - write a record to the end of file and advance the file pointer to the
next position as shown in Fig. 5.2.
o skip n records - May or may not be supported. ‘n’ may be limited to positive numbers, or may
be limited to +/- 1.
Fig. 5.2 Sequential-access file.
b) Direct Access
A file is made up of fixed-length logical records that allow programs to read and write
records randomly. The records can be rapidly accessed in any order.
Direct access is of great use for immediate access to large amounts of information.
E.g., a database file. When a query occurs, the query is computed and only the selected rows are
accessed directly to provide the desired information.
Operations supported include:
read n - read record number n. (position the cursor to n and then read the record)
write n - write record number n. (position the cursor to n and then write the record)
jump to record n – move to the nth record (n could be 0 or the end of file)
If the record length is L and there is a request for record ‘N’, then the starting byte of
record ‘N’ is at L*(N-1).
E.g., if the 3rd record is required and the length of each record (L) is 50, then the starting
position of the 3rd record is L*(N-1):
Address = 50*(3-1) = 100.
c) Other Access Methods (Indexed method)
These methods generally involve the construction of an index for the file called index file.
The index file is like an index page of a book, which contains key and address. To find a
record in the file, we first search the index and then use the pointer to access the record
directly and find the desired record.
An indexed access scheme can be easily built on top of a direct access system.
For very large files, the index file itself is very large.
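Direct access (b) and an index built on top of it (c), as an added example that is not part of the original notes. The sample records, the key_of helper and the in-memory BytesIO standing in for a disk file are constructed for illustration; the length check in write_n is what keeps an oversized record from overwriting record n+1.

```python
import io

RECORD_LEN = 50  # L, the fixed record length used in the text's example


def record_offset(n, length=RECORD_LEN):
    """Starting byte of record n (1-based), i.e. L*(N-1)."""
    if n < 1:
        raise ValueError("record numbers start at 1")
    return length * (n - 1)


def write_n(f, n, data, length=RECORD_LEN):
    """write n: position the file pointer at record n, then write it."""
    if len(data) > length:
        raise ValueError("record longer than L")  # would spill into record n+1
    f.seek(record_offset(n, length))
    f.write(data.ljust(length, b"\x00"))          # pad to the fixed length


def read_n(f, n, length=RECORD_LEN):
    """read n: position the file pointer at record n, then read it."""
    f.seek(record_offset(n, length))
    raw = f.read(length)
    if len(raw) < length:
        raise IndexError("record %d is past end of file" % n)
    return raw.rstrip(b"\x00")


def build_index(f, key_of, length=RECORD_LEN):
    """Index file contents (key -> record number), built in one sequential pass."""
    index, n = {}, 1
    f.seek(0)
    while True:
        raw = f.read(length)                      # "read next"
        if len(raw) < length:
            return index
        index[key_of(raw.rstrip(b"\x00"))] = n
        n += 1


def demo():
    f = io.BytesIO()  # constructed stand-in for a file on disk
    for n, rec in enumerate([b"alice:ops", b"bob:dev", b"carol:sec"], start=1):
        write_n(f, n, rec)
    index = build_index(f, key_of=lambda r: r.split(b":")[0])
    # Indexed access: search the index, then read the record directly.
    return record_offset(3), read_n(f, index[b"carol"])
```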
Directory structures
a) Single-Level Directory
● It is the simplest directory structure.
● All files are contained in the same directory, which is easy to support and understand.
● The limitations of this structure are that -
● Because all files are in the same directory, they must have unique names.
● Even a single user on a single-level directory may find it difficult to remember the
names of all the files as the number of files increases as shown in Fig.
b) Two-Level Directory
● Each user gets their own directory space - user file directory (UFD)
● File names only need to be unique within a given user's directory.
● A master file directory (MFD) is used to keep track of each user’s directory, and must be
maintained when users are added to or removed from the system.
● When a user refers to a particular file, only his own UFD is searched.
● All the files within each UFD are unique.
c) Tree-Structured Directories
● A tree structure is the most common directory structure.
● The tree has a root directory, and every file in the system has a unique path name.
● A directory (or subdirectory) contains a set of files or subdirectories.
● Path names can be of two types: absolute and relative. An absolute path begins at the
root and follows a path down to the specified file, giving the directory names on the
path. A relative path defines a path from the current directory.
d) Acyclic-Graph Directories
● When the same files need to be accessed in more than one place in the directory
structure (e.g. because they are being shared by more than one user), it can be useful
to provide an acyclic-graph structure. (Note the directed arcs from parent to child.)
● UNIX provides two types of links (pointer to another file) for implementing the
acyclic-graph structure.
o A hard link (usually just called a link) involves multiple directory entries that both
refer to the same file. Hard links are only valid for ordinary files in the same
filesystem.
o A symbolic link involves a special file containing information about where to
find the linked file. Symbolic links may be used to link directories and/or files in
other filesystems, as well as ordinary files in the current filesystem as shown in
Fig. 5.29.
e) General Graph Directory
If cycles are allowed in the graphs, then several problems can arise:
o Search algorithms can go into infinite loops. One solution is to not follow links in
search algorithms. (Or not to follow symbolic links, and to only allow symbolic links
to refer to directories.)
o Sub-trees can become disconnected from the rest of the tree and still not have their
reference counts reduced to zero. Periodic garbage collection is required to detect and
resolve this problem.
o When we add links to an existing tree-structured directory, the tree structure is destroyed,
resulting in a simple graph structure.
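A directory search that cannot loop on a link cycle, as an added example that is not part of the original notes. With follow_links=False it applies the solution given above (never follow links); with follow_links=True it uses a different technique, remembering each directory by its device and inode number so a second route to the same directory is skipped. The function names and the temporary directory tree are constructed for illustration.

```python
import os
import tempfile


def walk_files(root, follow_links=False):
    """Return (regular files found, paths skipped) under root."""
    found, skipped, seen = [], [], set()
    stack = [root]
    while stack:
        path = stack.pop()
        st = os.stat(path)                    # resolves symlinks
        ident = (st.st_dev, st.st_ino)        # identity of the real directory
        if ident in seen:
            skipped.append(path)              # already visited: this is a cycle
            continue
        seen.add(ident)
        for entry in sorted(os.listdir(path)):
            full = os.path.join(path, entry)
            if os.path.islink(full) and not follow_links:
                skipped.append(full)          # the notes' solution: ignore links
            elif os.path.isdir(full):         # also true for links to directories
                stack.append(full)
            elif os.path.isfile(full):
                found.append(full)
    return found, skipped


def demo(follow_links):
    """Constructed tree in which a/b/loop is a symbolic link back to a."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "a", "b"))
        with open(os.path.join(root, "a", "b", "data.txt"), "w") as fh:
            fh.write("x")
        os.symlink(os.path.join(root, "a"),
                   os.path.join(root, "a", "b", "loop"))
        found, skipped = walk_files(root, follow_links)
        rel = lambda paths: [os.path.relpath(p, root) for p in paths]
        return rel(found), rel(skipped)
```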
5.4 File-System Mounting
The basic idea behind mounting file systems is to combine multiple file systems into one large
tree structure.
The mount command is given a filesystem to mount and a mount point (directory) on which to
attach it.
Once a file system is mounted onto a mount point, any further references to that directory
actually refer to the root of the mounted file system.
Any files (or sub-directories) that had been stored in the mount point directory prior to
mounting the new filesystem are now hidden by the mounted filesystem, and are no longer
available. For this reason, some systems only allow mounting onto empty directories (Fig. 5.10 a).
Filesystems can only be mounted by root, unless root has previously configured certain
filesystems to be mountable onto certain pre-determined mount points. (E.g. root may allow
users to mount floppy filesystems to /mnt or something like it.) Anyone can run the mount
command to see what filesystems are currently mounted (Fig. 5.10 b).
Filesystems may be mounted read-only, or have other restrictions imposed.
The traditional Windows OS runs an extended two-tier directory structure, where the first tier of
the structure separates volumes by drive letters, and a tree structure is implemented below that
level.
Macintosh runs a similar system, where each new volume that is found is automatically mounted
and added to the desktop when it is found. More recent Windows systems allow filesystems to
be mounted to any directory in the filesystem, much like UNIX.
Fig. 5.10 shows the effects of mounting the volume residing on /device/dsk over /users. If the
volume is unmounted, the file system is restored to the situation depicted in Fig. 5.11.
Protection
5.10.1 Goals of Protection
Protection is a mechanism for controlling the access of programs, processes, or users to
the resources defined by a computer system. Protection ensures that only processes that have
gained proper authorization from the operating system can operate on the files, memory
segments, CPU, and other resources of a system.
Protection is required to prevent mischievous, intentional violation of an access
restriction by a user.
5.10.2 Principles of Protection
A key, time-tested guiding principle for protection is the ‘principle of least privilege’. It
dictates that programs, users, and even systems be given just enough privileges to perform their
tasks. An operating system provides mechanisms to enable privileges when they are needed and to
disable them when they are not needed.
5.10.3 Domain of Protection
A computer system is a collection of processes and objects. Objects are both hardware
objects (such as the CPU, memory segments, printers, disks, and tape drives) and software
objects (such as files, programs, and semaphores). Each object (resource) has a unique name that
differentiates it from all other objects in the system.
The operations that are possible may depend on the object. For example, a CPU can only
be executed on. Memory segments can be read and written, whereas a CD-ROM or DVD-ROM
can only be read. Tape drives can be read, written, and rewound. Data files can be created,
opened, read, written, closed, and deleted; program files can be read, written, executed, and
deleted.
Access Matrix
An access matrix is a table that shows which process (domain) can do what operation on
which object.
Rows → Domains (D1, D2, …)
Columns → Objects (files, devices, etc.)
Cell entry → Rights (read, write, execute, etc.)
Example rights:
R → Read
W → Write
X → Execute
2. What is Copy Right?
A copy right allows a domain to copy a right to another domain.
It is written as:
R* → Copyable read right
W* → Copyable write right
In an access matrix, a right with a star (*) is called a copy right.
For example, R* means read permission with copying allowed.
Limited Copy Rule
When a copy right R* is copied:
The right R* at position access(i, j) is copied to access(k, j)
Only the basic right R is copied
The star (*) is not copied
So, R* → R
Because of this:
A process executing in domain Dk gets only R
It cannot further copy this right to any other domain
Implementation of Access Matrix:
Global Table:
The simplest way to implement an access matrix is to store it as a file containing a list of
ordered triples:
⟨domain, object, set of rights⟩
When a process in domain Di tries to perform an operation M on an object Oj, the system
searches the file for a matching entry:
⟨Di, Oj, Rk⟩
If such an entry exists and M is included in the rights set Rk, the operation is allowed.
Access Lists for Objects:
Each column in the access matrix can be implemented as an access list for one object.
The empty entries are discarded. The resulting list for each object consists of ordered pairs
<domain, rights-set>. It defines all domains' access rights for that object. When an operation M
is executed on object Oj in Di, search the access list for object Oj and look for an entry <Di, Rj>
with M ∈ Rj. If the entry is found, we allow the operation; if it is not, we check the
default set.
Capability Lists for Domains:
A capability list for a domain is a list of objects together with the operations allowed on
those objects. An object is often represented by its name or address, called a capability. To
execute operation M on object Oj, the process executes the operation M, specifying the
capability for object Oj as a parameter. Simple possession of the capability means that access
is allowed.
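The access matrix stored as a global table, with the limited copy rule and the per-object access list and per-domain capability list derived from it, as an added example that is not part of the original notes. The class name, the domains D1 to D3 and the objects F1 and F2 are constructed for illustration.

```python
class AccessMatrix:
    def __init__(self):
        self.table = {}   # global table: (domain, object) -> set of rights

    def grant(self, domain, obj, *rights):
        self.table.setdefault((domain, obj), set()).update(rights)

    def allowed(self, domain, obj, op):
        """M is allowed if an entry <Di, Oj, Rk> exists and M is in Rk."""
        rights = self.table.get((domain, obj), set())
        return op in rights or op + "*" in rights    # R* is R plus copying

    def copy(self, src, dst, obj, right):
        """Limited copy: src must hold right*, dst receives it without the star."""
        if right + "*" not in self.table.get((src, obj), set()):
            raise PermissionError(
                "%s holds no copyable %s on %s" % (src, right, obj))
        self.grant(dst, obj, right)

    def access_list(self, obj):
        """One column: <domain, rights-set> pairs, empty entries discarded."""
        return {d: r for (d, o), r in self.table.items() if o == obj and r}

    def capability_list(self, domain):
        """One row: the objects a domain can use and the rights it holds."""
        return {o: r for (d, o), r in self.table.items() if d == domain and r}


def demo():
    m = AccessMatrix()
    m.grant("D1", "F1", "R*", "W")
    m.grant("D2", "F2", "X")
    m.copy("D1", "D2", "F1", "R")        # R* at access(D1, F1) -> R at access(D2, F1)
    try:
        m.copy("D2", "D3", "F1", "R")    # D2 holds plain R, so it cannot copy it on
        recopied = True
    except PermissionError:
        recopied = False
    return m, recopied
```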
A Lock-Key Mechanism:
The lock-key scheme is a compromise between access lists and capability lists. Each
object has a list of unique bit patterns, called locks. Similarly, each domain has a list of unique
bit patterns, called keys. A process executing in a domain can access an object only if that
domain has a key that matches one of the locks of the object.