File Sharing

10.5 File Sharing

10.5.1 Multiple Users

  • On a multi-user system, more information needs to be stored for each file:
    • The owner ( user ) who owns the file, and who can control its access.
    • The group of other user IDs that may have some special access to the file.
    • What access rights are afforded to the owner ( User ), the Group, and to the rest of the world ( the universe, a.k.a. Others. )
    • Some systems have more complicated access control, allowing or denying specific accesses to specifically named users or groups.

10.5.2 Remote File Systems

  • The advent of the Internet introduces issues for accessing files stored on remote computers
    • The original method was ftp, allowing individual files to be transported across systems as needed. Ftp can be either account and password controlled, or anonymous, not requiring any user name or password.
    • Various forms of distributed file systems allow remote file systems to be mounted onto a local directory structure, and accessed using normal file access commands. ( The actual files are still transported across the network as needed, possibly using ftp as the underlying transport mechanism. )
    • The WWW has made it easy once again to access files on remote systems without mounting their filesystems, generally using ( anonymous ) ftp as the underlying file transport mechanism.

10.5.2.1 The Client-Server Model

  • When one computer system remotely mounts a filesystem that is physically located on another system, the system which physically owns the files acts as a server, and the system which mounts them is the client.
  • User IDs and group IDs must be consistent across both systems for the system to work properly. ( I.e. this is most applicable across multiple computers managed by the same organization, shared by a common group of users. )
  • The same computer can be both a client and a server. ( E.g. cross-linked file systems. )
  • There are a number of security concerns involved in this model:
    • Servers commonly restrict mount permission to certain trusted systems only. Spoofing ( a computer pretending to be a different computer ) is a potential security risk.
    • Servers may restrict remote access to read-only.
    • Servers restrict which filesystems may be remotely mounted. Generally the information within those subsystems is limited, relatively public, and protected by frequent backups.
  • The NFS ( Network File System ) is a classic example of such a system.

10.5.2.2 Distributed Information Systems

  • The Domain Name System, DNS, provides for a unique naming system across all of the Internet.
  • Domain names are maintained by the Network Information System, NIS, which unfortunately has several security issues. NIS+ is a more secure version, but has not yet gained the same widespread acceptance as NIS.
  • Microsoft's Common Internet File System, CIFS, establishes a network login for each user on a networked system with shared file access. Older Windows systems used domains, and newer systems ( XP, 2000 ), use active directories. User names must match across the network for this system to be valid.
  • A newer approach is the Lightweight Directory-Access Protocol, LDAP, which provides a secure single sign-on for all users to access all resources on a network. This is a secure system which is gaining in popularity, and which has the maintenance advantage of combining authorization information in one central location.

10.5.2.3 Failure Modes

  • When a local disk file is unavailable, the result is generally known immediately, and is generally non-recoverable. The only reasonable response is for the response to fail.
  • However when a remote file is unavailable, there are many possible reasons, and whether or not it is unrecoverable is not readily apparent. Hence most remote access systems allow for blocking or delayed response, in the hopes that the remote system ( or the network ) will come back up eventually.

10.5.3 Consistency Semantics

  • Consistency Semantics deals with the consistency between the views of shared files on a networked system. When one user changes the file, when do other users see the changes?
  • At first glance this appears to have all of the synchronization issues discussed in Chapter 6. Unfortunately the long delays involved in network operations prohibit the use of atomic operations as discussed in that chapter.

10.5.3.1 UNIX Semantics

  • The UNIX file system uses the following semantics:
    • Writes to an open file are immediately visible to any other user who has the file open.
    • One implementation uses a shared location pointer, which is adjusted for all sharing users.
  • The file is associated with a single exclusive physical resource, which may delay some accesses.

10.5.3.2 Session Semantics

  • The Andrew File System, AFS uses the following semantics:
    • Writes to an open file are not immediately visible to other users.
    • When a file is closed, any changes made become available only to users who open the file at a later time.
  • According to these semantics, a file can be associated with multiple ( possibly different ) views. Almost no constraints are imposed on scheduling accesses. No user is delayed in reading or writing their personal copy of the file.
  • AFS file systems may be accessible by systems around the world. Access control is maintained through ( somewhat ) complicated access control lists, which may grant access to the entire world ( literally ) or to specifically named users accessing the files from specifically named remote environments.

10.5.3.3 Immutable-Shared-Files Semantics

  • Under this system, when a file is declared as shared by its creator, it becomes immutable and the name cannot be re-used for any other resource. Hence it becomes read-only, and shared access is simple.
Subscribe to: Posts (Atom)