File Protection in OS:- When information is stored in a computer system, we want to keep it safe from physical damage and improper access. Protection can be provided in many ways. For a small single-user system, we might provide protection by physically removing the floppy disks and locking them in a desk drawer or file cabinet. In a multiuser system, however, other mechanisms are needed. Here we provided File Protection in OS.
File Protection in OS
Types of Access
The need to protect files is a direct result of the ability to access files. Systems that do not permit access to the files of other users do not need protection. Thus we could provide complete protection by prohibiting access. Alternatively, we could provide free access with no protection. Both approaches are too extreme for general use. What is needed is controlled access. Protection mechanisms provide controlled access by limiting the types of file access that can be made. Access is permitted or denied depending on several factors, one of which is the type of access requested. Several different types of operations may be controlled:
- Read:- Read from the file.
- Write:- Write or rewrite the file.
- Execute:- Load the file into memory and execute it.
- Append:- Write new information at the end of the file.
- Delete:- Delete the file and free its space for possible reuse.
- List:- List the name and attributes of the file.
Other operations, such as renaming, copying, and editing the file, may also be controlled. For many systems, however, these higher-level functions may be implemented by a system program that makes lower-level system calli Protection is provided at only the lower level. For instance, copying a file may be implemented simply by a sequence of read requests. In this case, a user with read access can also cause the file to be copied, printed, and so on.
Many protection mechanisms have been proposed. Each has advantages and disadvantages and must be appropriate for its intended application. Directory Structure in Operating System
The most common approach to the protection problem is to make access dependent on the identity of the user. Different users may need different types of access to a file or directory. The most general scheme to implement identity dependent access is to associate with each file and directory an access control list (ACL) specifying user names and the types of access allowed for each user When a user requests access to a particular file, the operating system checks the access list associated with that file. If that user is listed for the requested access, the access is allowed. Otherwise, a protection violation occurs, and the user job is denied access to the file.
This approach has the advantage of enabling complex access methodologies. The main problem with access lists is their length. If we want to allow everyone to read a file, we must list all users with read access. This technique has two undesirable consequences:
- Constructing such a list may be a tedious and unrewarding task, especially if we do not know in advance the list of users in the system.
- The directory entry, previously of fixed size, now must be of variable size, resulting in more complicated space management.
These problems can be resolved by the use of a condensed version of the access list. To condense the length of the access-control list, many systems recognize three classifications of users in connection with each file:
- Owner:- The user who created the file is the owner.
- Group:- A set of users who are sharing the file and need similar access is a group or workgroup.
- Universe:- All other users in the system constitute the universe.
The most common recent approach is to combine access-control lists with the more general (and easier to implement) owner, group, and universe access control scheme just described.
Other Protection Approaches
Another approach to the protection problem is to associate a password with each file. Just as access to the computer system is often controlled by a password, access to each file can be controlled in the same way. If the passwords are chosen randomly and changed often, this scheme may be effective in limiting access to a file. The use of passwords has a few disadvantages, however. First, the number of passwords that a user needs to remember may become large, making the scheme impractical. Second, if only one password is used for all the files, then once it is discovered, all files are accessible, protection is on an all-or-none basis. Some systems (for example, TOPS-20) allow a user to associate a password with a subdirectory, rather than with an individual file, to deal with this problem. The IBMVM/CMS operating system allows three passwords for a minidisk- one each for read, write, and multiwrite access
Some single-user operating systems such as MS-DOS and versions of the Macintosh operating system prior to Mac OS X provide little in terms of file protection. In scenarios where these older systems are now being placed on networks requiring file sharing and communication, protection mechanisms must be retrofitted into them. Designing a feature for a new operating system is almost always easier than adding a feature to an existing one. Such updates are usually less effective and are not seamless.
In a multilevel directory structure, we need to protect not only individual files but also collections of files in subdirectories; that is, we need to provide a mechanism for directory protection. The directory operations that must be protected are somewhat different from the file operations. We want to control the creation and deletion of files in a directory. In addition, we probably want to control whether a user can determine the existence of a file in a directory Sometimes, knowledge of the existence and name of a file is significant in itself Thus, listing the contents of a directory must be a protected operation. Similarly, if a path name refers to a file in a directory, the user must be allowed access to both the directory and the file. In systems where files may have numerous path names (such as acyclic or general graphs), a given user may have different access rights to a particular file, depending on the path name used.