CU-BCA-SEM-III-System software and operating system-Second draft

Traditional file systems offer facilities to create, move and delete both files and directories. They lack facilities to create additional links to a directory (hard links in Unix), rename parent links, and create bidirectional links to files. Traditional file systems also offer facilities to truncate, append to, create, move, delete and in-place modify files. They do not offer facilities to prepend to or truncate from the beginning of a file, let alone arbitrary insertion into or deletion from a file. The operations provided are highly asymmetric and lack the generality to be useful in unexpected contexts. For example, interprocess pipes in UNIX have to be implemented outside of the file system because the pipes concept does not offer truncation from the beginning of files. Secure access to basic file system operations can be based on a scheme of access control lists or capabilities. Research has shown access control lists to be difficult to secure properly, which is why research operating systems tend to use capabilities. Commercial file systems still use access control lists. 14.2.1 File System A file system is a method for storing and organizing computer files and the data they contain to make it easy to find and access them. File systems may use a data storage device such as a hard disk or CD-ROM and involve maintaining the physical location of the files, they might provide access to data on a file server by acting as clients for a network protocol (e.g., NFS, SMB, or 9P clients), or they may be virtual and exist only as an access method for virtual data. More formally, a file system is a set of abstract data types that are implemented for the storage, hierarchical organization, manipulation, navigation, access, and retrieval of data. File systems share much in common with database technology, but it is debatable whether a file system can be classified as a special-purpose database (DBMS). Types of File Systems File system types can be classified into disk file systems, network file systems and special purpose file systems. 1. Disk file systems: A disk file system is a file system designed for the storage of files on a data storage device, most commonly a disk drive, which might be directly or indirectly connected to the computer. Examples of disk file systems include FAT, FAT32, NTFS, 301 CU IDOL SELF LEARNING MATERIAL (SLM)

HFS and HFS+, ext2, ext3, ISO 9660, ODS-5, and UDF. Some disk file systems are journaling file systems or versioning file systems. 2. Flash file systems: A flash file system is a file system designed for storing files on flash memory devices. These are becoming more prevalent as the number of mobile devices is increasing, and the capacity of flash memories catches up with hard drives. While a block device layer can emulate a disk drive so that a disk file system can be used on a flash device, this is sub-optimal for several reasons: 1. Erasing blocks: Flash memory blocks have to be explicitly erased before they can be written to. The time taken to erase blocks can be significant, thus it is beneficial to erase unused blocks while the device is idle. 2. Random access: Disk file systems are optimized to avoid disk seeks whenever possible, due to the high cost of seeking. Flash memory devices impose no seek latency. 3. Wear levelling: Flash memory devices tend to wear out when a single block is repeatedly overwritten; flash file systems are designed to spread out writes evenly. 4. Log-structured file systems: These systems have all the desirable properties for a flash file system. Such file systems include JFFS2 and YAFFS. 5. Database file systems: A new concept for file management is the concept of a database- based file system. Instead of, or in addition to, hierarchical structured management, files are identified by their characteristics, like type of file, topic, author, or similar metadata. Example: dbfs. 6. Transactional file systems: Each disk operation may involve changes to a number of different files and disk structures. In many cases, these changes are related, meaning that it is important that they all be executed at the same time. Take for example a bank sending another bank some money electronically. The bank's computer will \"send\" the transfer instruction to the other bank and also update its own records to indicate the transfer has occurred. If for some reason the computer crashes before it has had a chance to update its own records, then on reset, there will be no record of the transfer but the bank will be missing some money. Transaction processing introduces the guarantee that at any point while it is running, a transaction can either be finished completely or reverted completely (though not necessarily both at any given point). This means that if there is a 302 CU IDOL SELF LEARNING MATERIAL (SLM)

crash or power failure, after recovery, the stored state will be consistent. (Either the money will be transferred or it will not be transferred, but it won't ever go missing \"in transit\"). This type of file system is designed to be fault tolerant, but may incur additional overhead to do so. Journaling file systems are one technique used to introduce transaction-level consistency to file system structures. 7. Network file systems: A network file system is a file system that acts as a client for a remote file access protocol, providing access to files on a server. Examples of network file systems include clients for the NFS, SMB protocols, and file-system-like clients for FTP and WebDAV. 8. Special purpose file systems: A special purpose file system is basically any file system that is not a disk file system or network file system. This includes systems where the files are arranged dynamically by software, intended for such purposes as communication between computer processes or temporary file space. Special purpose file systems are most commonly used by file-centric operating systems such as UNIX. 9. Flat file systems: In a flat file system, there are no subdirectories-everything is stored at the same (root) level on the media, be it a hard disk, floppy disk, etc. While simple, this system rapidly becomes inefficient as the number of files grows, and makes it difficult for users to organise data into related groups. Like many small systems before it, the original Apple Macintosh featured a flat file system, called Macintosh File System. Its version of Mac OS was unusual in that the file management software created the illusion of a partially hierarchical filing system on top of MFS. This structure meant that every file on a disk had to have a unique name, even if it appeared to be in a separate folder. MFS was quickly replaced with Hierarchical File System, which supported real directories. File Systems and Operating Systems Most operating systems provide a file system, as a file system is an integral part of any modern operating system. Early microcomputer operating systems' only real task was file management – a fact reflected in their names. Some early operating systems had a separate component for handling file systems which was called a disk operating system. On some microcomputers, the disk operating system was loaded separately from the rest of the operating system. On early operating systems, there was usually support for only one, native, 303 CU IDOL SELF LEARNING MATERIAL (SLM)

unnamed file system; for example, CPM supports only its own file system, which might be called \"CPM file system\" if needed, but which didn't bear any official name at all. Because of this, there needs to be an interface provided by the operating system software between the user and the file system. This interface can be textual (such as provided by a command line interface, such as the UNIX shell, or OpenVMS DCL) or graphical (such as provided by a graphical user interface, such as file browsers). If graphical, the metaphor of the folder, containing documents, other files, and nested folders is often used. File Attributes Disks provide the bulk of secondary storage on which a file system is maintained. To improve I/O efficiency, I/O transfer between memory and disk are performed in units of blocks. Each block is one or more sectors. Depending on the disk drive, sectors vary from 32 bytes to 4096 bytes; usually, they are 512 bytes. Disks have two important characteristics that make them a convenient medium for storing multiple files: They can be rewritten in place; it is possible to read a block from the disk, to modify the block, and to write it back into the same place. One can access directly any given block of information on the disk. Thus, it is simple to access any file either sequentially or randomly, and switching from one file to another requires only moving the read-write heads and waiting for the disk to rotate. To provide an efficient and convenient access to the disk, the operating system imposes a file system to allow the data to be stored, located, and retrieved easily. A file system poses two quite different design problems. The first problem is defining how the file system should look to the user. This task involves the definition of a file and its attributes, operations allowed on a file, and the directory structure for organizing the files. Next, algorithms and data structure must be created to map the logical file system onto the physical secondary storage devices. The file system itself is generally composed of many different levels. The structure shown in the figure is an example of a layered design. Each level in the design uses the features of lower levels to create new features for use by higher levels. The lowest level, the I/O control, consists of device drivers and interrupts handlers to transfer information between the memory and the disk system. A device driver can be thought of as a translator. Its input consists of high-level commands such as “retrieve block 123”. Its output 304 CU IDOL SELF LEARNING MATERIAL (SLM)

consists of low-level hardware-specific instructions that are used by the hardware controller which interfaces the I/O device to the rest of the system. The device driver usually writes specific bit patterns to special locations in the I/O controller's memory to tell the controller on which device location to act and what actions to take. The basic file system needs only to issue generic commands to the appropriate device driver to read and write physical blocks on the disk. Each physical block is identified by its numeric disk address (for example, drive 1, cylinder 3, track 2, and sector 10). The file-organization module knows about files and their logical blocks, as well as physical blocks. By knowing the type of file allocation used and the location of the file, the file- organization module can translate logical block addresses to physical block addresses for the basic file system to transfer. Each file's logical blocks are numbered from 0 (or 1) through N, whereas the physical blocks containing the data usually do not match the logical numbers, so a translation is needed to locate each block. The file-organization module also includes the free-space manager, which tracks unallocated blocks and provides these blocks to the file- organization module when requested. Finally, the logical file system uses the directory structure to provide the file organization module with the information the latter needs, given a symbolic file name. To create a new file, an application program calls the logical file system. The logical file system knows the format of the directory structures. To create a new file, it reads the appropriate directory into memory, updates it with the new entry, and writes it back to the disk. Some operating systems, including Unix, treat a directory exactly as a file – one with a type field indicating that it is a directory. Other operating systems, including Windows/NT, implement separate system calls for files and directories and treat directories as entities separate from files. When a directory is treated as a special file, the logical file system can call the file-organization module to map the directory I/O into disk block numbers, which are passed on to the basic file system and I/O control system. 305 CU IDOL SELF LEARNING MATERIAL (SLM)

Figure 14.1: File System Attributes Now that a file has been created, it can be used for I/O. For each I/O operation, the directory structure could be searched to find the file, its parameters checked, its data blocks located, and finally the operation on those data blocks performed. Each operation would entail high over-heads. Rather, before the file can be used for I/O procedures, it must be opened. When a file is opened, the directory structure is searched for the desired file entry. Parts of the directory structure are usually cached in memory to speed directory operations. Once the file is found, the associated information such as size, owner, access permissions and data block locations are generally copied into a table in memory, referred to as the open-file table, consisting of information about all the currently opened files. The first reference to a file (normally an open) causes the directory structure to be searched and the directory entry for this file to be copied into the table as opened files. The index into this table is returned to the user program, and all further references are made through the index rather than with the symbolic name. The name given to the index varies. Unix systems refer to it as a file descriptor, Windows/NT as a file handle, and other systems as a file control block. Consequently, as long as the file is not closed, all file operations are done on 306 CU IDOL SELF LEARNING MATERIAL (SLM)

the open-file table. When the file is closed by all users who have opened it, the updated file information is copied back to the disk-based directory structure. Some systems complicate this scheme even further by using multiple levels of in-memory tables. For example, in the BSD UNIX file system, each process has an open-file table that holds a list of pointers, indexed by descriptor. The pointers lead to a system-wide open-file table. This table contains information about the underlying entity that is open. For files, it points to a table of active inodes. For other entities, such as network connections and devices, it points to similar access information. The active-inodes table is an in-memory cache of inodes currently in use, and includes the inode index fields that point to the on-disk data blocks. In this way, once a file is opened, all but the actual data blocks are in memory for rapid access by any process accessing the file. In reality, the open first searches the open-file table entry is created pointed to the system-wide open-file table. If not, the inode is copied into the active-inodes table, a new system-wide entry is created and a new per-process entry is created. File System Functions The file system provides the mechanism for online storage and access to both data and programs. The file system resides permanently on secondary storage, which has the main requirement that it must be able to hold a large amount of data, permanently. This lesson is primarily concerned with issues concerning file storage and access on the most common secondary-storage medium, the disk. We explore ways to allocate disk space, to recover freed space, to track the locations of data, and to interface other parts of the operating system to secondary storage. File Naming Each file is a distinct entity and therefore a naming convention is required to distinguish one from another. The operating systems generally employ a naming system for this purpose. In fact, there is a naming convention to identify each resource in the computer system not files alone. File Types The files under UNIX can be categorized as follows: 307 CU IDOL SELF LEARNING MATERIAL (SLM)

1. Ordinary Files: Ordinary files are the one, with which we all are familiar. They may contain executable programs, text or databases. You can add, modify or delete them or remove the file entirely. 2. Directory Files: Directory files, as discussed earlier also, represent a group of files. They contain a list of file names and other information related to these files. Some of the commands that manipulate these directory files differ from those for ordinary files. 3. Special Files: Special files are also referred to as device files. These files represent physical devices such as terminals, disks, printers and tape-drives etc. These files are read from or written into just like ordinary files, except that operation on these files activates some physical devices. These files can be of two types: Character device files and block device files. In character device files, data is handled character by character, as in case of terminals and printers. In block device files, data is handled in large chunks of blocks, as in the case of disks and tapes. 4. FIFO Files: FIFO (first-in-first-out) are the files that allow unrelated processes to communicate with each other. They are generally used in applications where the communication path is in only one direction, and several processes need to communicate with a single process. For an example of FIFO file, take the pipe in UNIX. This allows transfer of data between processes in a first-in-first-out manner. A pipe takes the output of the first process as the input to the next process, and so on. 14.3 FILE OPERATIONS Major file operations are as follows: 1. Read operation 2. Write operation 3. Execute 4. Copying file 5. Renaming file 6. Moving file 7. Deleting file 308 CU IDOL SELF LEARNING MATERIAL (SLM)

8. Creating file 9. Merging files 10. Sorting file 11. Appending file 12. Comparing file We can also link a file with any other file. These are also called as symbolic links. 14.3.1 Symbolic Link A link is effectively a pointer or an alias to another file or sub-directory. For example, a link may be implemented as an absolute or relative path name (a symbolic link). When a reference to a file is made, we search the directory. The directory entry is marked as a link and the name of the real file (or directory) is given. We resolve the link by using the path name to locate the real file. Links are easily identified by their format in the directory entry (or by their having a special type on systems that support types), and are effectively named indirect pointers. A symbolic link can be deleted without deleting the actual file it links. There can be any number of symbolic links attached to a single file. Symbolic links are helpful in sharing a single file called by different names. Each time a link is created, the reference count in its inode is incremented by one. Whereas, deletion of link decreases the count by one. The operating system denies deletion of such files whose reference count is not 0, meaning that the file is in use. In a system where sharing is implemented by symbolic links, this situation is somewhat easier to handle. The deletion of a link does not need to affect the original file; only the link is removed. If the file entry itself is deleted, the space for the file is deallocated, leaving the links dangling. We can search for these links and remove them also, but unless a list of the associated link is kept with each file, this search can be expensive. Alternatively, we can leave the links until an attempt is made to use them. At that time, we can determine that the file of the name given by the link does not exist, and can fail to resolve the link name; the access is treated just like any other illegal file name. (In this case, the system designer should consider carefully what to do when a file is deleted and another file of the same name are created, before a symbolic link to the original file is used.) In the case of UNIX, symbolic 309 CU IDOL SELF LEARNING MATERIAL (SLM)

links are left when a file is deleted, and it is up to the user to realize that the original file is gone or has been replaced. Another approach to deletion is to preserve the file until all references to it are deleted. To implement this approach, we must have some mechanism for determining that the last reference to the file has been deleted. We could keep a list of all references to a file (directory entries or symbolic links). When a link or a copy of the directory entry is established, a new entry is added to the file-reference list. When a link or directory entry is deleted, we remove its entry on the list. The file is deleted when its file-reference list is empty. The trouble with this approach is the variable and potentially large size of the file-reference list. However, we really do not need to keep the entire list — we need to keep only a count of the number of references. A new link or directory entry increments the reference counts; deleting a link or entry decrements the count. When the count is 0, the file can be deleted; there are no remaining references to it. The UNIX operating system uses this approach for non-symbolic links, or hard links, keeping a reference count in the file information block or inode). By effectively prohibiting multiple references to directories, we maintain an acyclic- graph structure. To avoid these problems, some systems do not allow shared directories link. For example, in MS-DOS, the directory structure is a tree structure. 14.4 ACCESS METHODS There are several ways that the information in the file can be accessed. Some systems provide only one access method for files. On other systems, many different access methods are supported. 14.4.1 Sequential Access Information in the file is processed in order, one record after the other. This is by far the most common mode of access of files. For example, computer editors usually access files in this fashion. A read operation reads the next portion of the file and automatically advances the file pointer which tracks the I/O location. Similarly, a write appends to the end of the file advances to the end of the newly written material (the new end of file). Such a file can be reset to the beginning, and, on some systems, a program may be able to skip forward or 310 CU IDOL SELF LEARNING MATERIAL (SLM)

backward n records, for some integer n. This scheme is known as sequential access to a file. Sequential access is based on a tape model of a file. A sequential file may consist of either formatted or unformatted records. If the records are formatted, you can use formatted I/O statements to operate on them. If the records are unformatted, you must use unformatted I/O statements only. The last record of a sequential file is the end-of-file record. 14.4.2 Direct Access Direct access is based on a disk model of a file. For direct access, the file is viewed as a numbered sequence of block or records. A direct-access file allows arbitrary blocks to be read or written. Thus, after block 18 has been read, block 57 could be next, and then block 3. There are no restrictions on the order of reading and writing for a direct access file. Direct access files are of great use for intermediate access to large amounts of information. The file operations must be modified to include the block number as a parameter. Thus, we have \"read n\"; where n is the block number, rather than \"read next\", and \"write n\", rather than \"write next\". An alternative approach is to retain \"read next\" and \"write next\" and to add an operation; \"position file to n\" where n is the block number. Then, to affect a \"read n\", we would issue the commands \"position to n\" and then \"read next”. Not all OS support both sequential and direct access for files. Some systems allow only sequential file access; others allow only direct access. Some systems require that a file be defined as sequential or direct when it is created; such a file can be accessed only in a manner consistent with its declaration. Direct-access files support both formatted and unformatted record types. Both formatted and unformatted I/O work exactly as they do for sequential files. 14.4.3 Other Access Methods Other access methods can be built on top of a direct-access method. These additional methods generally involve the construction of an index for a file. The index contains pointers to the various blocks. To find an entry in the file, the index is searched first and the pointer is then used to access the file directly to find the desired entry. With a large file, the index itself may become too large to be kept in memory. One solution is to create an index for the index file. The primary index file would contain pointers to secondary index files, which would 311 CU IDOL SELF LEARNING MATERIAL (SLM)

point to the actual data items. For example, IBM's Indexed Sequential Access Method (ISAM) uses a small master index that points to disk blocks of a secondary index. The secondary index blocks point to the actual file blocks. The file is kept sorted on a defined key. To find a particular item, we first make a binary search of the master index, which provides the block number of the secondary index. This block is read in, and again a binary search is used to find the block containing the desired record. Finally, this block is searched sequentially. In this way, any record can be located from its key by at most direct access reads. 14.5 CONSISTENCY SEMANTICS Consistency semantics specify how multiple users are to access a shared file simultaneously. 1. Andrew File System (AFS) implemented complex remote file sharing semantics. 2. Unix file system (UFS) implements: a. Writes to an open file visible immediately to other users of the same open file 3. Sharing file pointer to allow multiple users to read and write concurrently 4. AFS has session semantics b. Writes only visible to sessions starting after the file is closed. Semantics of File Sharing 1. UNIX semantics: used in centralized systems. a. a read that follows a write sees the value written by the write. 2. a read that follows two writes in quick succession sees the result of the last write. Issues in Distributed File Systems 1. Single File Server - No client caching a. easy to implement UNIX semantics 2. Client File Caching b. improves performance by decreasing demand at the server 3. Updates to the cached file are not seen by other clients. 312 CU IDOL SELF LEARNING MATERIAL (SLM)

Session Semantics: (relaxed semantics) 1. Changes to an open file are only visible to the process that modified the file. 2. When the file is closed, changes are visible to other processes Þ closed file is sent back to the server. Session Semantics 1. What if two or more clients are caching and modifying a file? 2. final result depends on who closes last 3. Use an arbitrary rule to decide who wins. 4. file pointer sharing not possible when a process and its children run on different machines No File Updates Semantics 1. Files are never updated. 2. Allowed file operations: CREATE and READ. 3. Files are atomically replaced in the directory. 4. Problem: what if two clients want to replace a file at the same time? Take the last one or use any nondeterministic rule. Transaction Semantics 1. All file changes are delimited by a Begin and End transaction. 2. All file requests within the transaction are carried out in order. 3. The complete transaction is either carried out completely or not at all (atomicity). 14.6 DIRECTORY STRUCTURE ORGANIZATION The file systems of computers can be extensive. Some systems store thousands of files on hundreds of gigabytes of disk. To manage all these data, we need to organize them. This organization is usually done in two parts. First, the file system is broken into in the IBM world or volumes in the PC and Macintosh arenas. Typically, each disk on a system contains at least_<gngJ2flrtitioyi), which ISJI low-level structure in which files and directories inside. 313 CU IDOL SELF LEARNING MATERIAL (SLM)

Sometimes, partitions are used to provide several separate areas within one disk, each treated as a separate storage device, whereas other systems allow partitions to be larger than a disk to group disks into one logical structure. In this way, the user needs to be concerned with only the logical directory and file structure, and can ignore completely the problems of physically allocating space for files. For this reason, partitions can be thought of as virtual disks. Secondly, each partition contains information about files within it. This information is kept in a device directory or volume table of contents. The device directory (more commonly known simply as a \"directory\") records information – such as name, location, size, and type – for all files on that partition. The Logical Structure of a Directory is: 14.6.1 Single-level Directory The simplest directory structure is the single-level directory. All files are contained in the same directory, which is easy to support and understand. A single-level directory has significant limitations however, when the number of files increases or when there is more than one user. Since all files are in the same directory, they must have unique names. If we have two users who call their data file test, then the unique-name rule is violated. For example, in one programming class, 23 students called the program for their second assignment prog 2, another 11 called it assigns. Although file names are generally selected to reflect the content of the file, they are often limited in length. The MS-DOS operating system allows only 11-character file names; UNIX allows 255 characters. directory cat bo a test data mail cont. hex records files Figure 14.2: Single-level Directory Even with a single user, as the number of files increases, it becomes difficult to remember the names of all the files, so as to create only files with unique names. It is not uncommon for a user to have hundreds of files on one computer system and an equal number of additional files on another system. In such an environment, keeping track of so many files are a daunting task. 314 CU IDOL SELF LEARNING MATERIAL (SLM)

14.6.2 Two-level Directory The disadvantage of a single-level directory is confusion of file names. The standard solution is to create a separate directory for each user. In the two-level directory structure, each user has his/her own user file directory (UFD). Each UFD has a similar structure, but lists only the files of a single user. When a user starts or a user logs in, the system's master file directory is searched. The master file directory is indexed by user name or account. master User 1 User 2 User 3 User 4 file directory user file cat bo a test a data a test x data a directory Figure 14.3: Two-level Directory When in a UDP a user refers to a particular file, only his own UFD is searched. Thus, different users may have files with the same name, as long as all the filenames within each UFD are unique. To create a file for a user, the operating system searches only that user's UFD to ascertain whether another file of that name exists. To delete a file, the operating system confines its search to the local UFD; thus, it cannot accidentally delete another user's file that has the same name. The user directories themselves must be created and deleted as necessary. A special system program is run with the appropriate user’s name and account information. The program creates a new user file directory and adds an entry for it to the master file directory. The execution of this program might be restricted to system administrators. The allocation of disk space for user directories can be handled with the techniques discussed earlier for files themselves. The two-level directory structure solves the name-collision problem, but it still has problems. This structure effectively isolates one user from another. This isolation is an advantage when the users are completely independent, but is a disadvantage when the users co-operate on some tasks and to access one user's account by other users is not allowed. 315 CU IDOL SELF LEARNING MATERIAL (SLM)

If access is to be permitted, one user must have the ability to name a file in another user's directory. A two-level directory can be thought of as a tree, or at least an inverted tree. The root of the tree is the master file directory. Its direct descendants are the UFDs. The descendants of the user file directories are the files themselves. Thus, a user name and a file name define a path name. Every file in the system has a path name. To name a file uniquely, user must know the path name of the file desired. For example, if user A wishes to access her own test file named test, she can simply refer to test. To access the test file of user B (with directory-entry name user b), however, she might have to refer to userb/test. Every system has its own syntax for naming files in directories other than the user's own. There is additional syntax to specify the partition of a file. For instance, in MS-DOS a partition is specified by a letter followed by a colon. Thus, file specification might be \"C:/userb/bs.test\". Some systems go even further and separate the partition, directory name, and file name parts of the specification. For instance, in VMS, the file \"login.com\" might be specified as: \"u:[sstdeck1]login.com;\" where \"u\" is the name of the partition, \"sst\" is the name of the directory, \"deck\" is the name of subdirectory, and \"1\", is the version number. Other systems simply treat the partition name as part of the directory name. The first name given is that of the partition, and the rest is the directory and file. For instance, \"/u/pbg/test\" might specify partition \"u\", directory \"pbg\", and file \"test\". A special case of this situation occurs in regard to the system files. Those programs provided as a part of the system (loaders, assemblers, compilers, utility routines, libraries, and so on) is generally defined as files. When the appropriate commands are given to the operating system, these files are read by the loader and are executed. Many command interpreters act by simply treating the command as the name of a file to load and execute. As the directory system is defined presently, this file name would be searched for in the current user file directory. One solution would be to copy the system files into each user file directory. However, copying all the system files would be enormously wasteful of space. (If the system files require 5 megabytes, then supporting 12 users would require 5 x 12 = 60 megabytes just for copies of the system files.) 316 CU IDOL SELF LEARNING MATERIAL (SLM)

14.6.3 Tree-structured Directories Once we have seen how to view a two-level directory as a two-level tree, the natural generalization is to extend the directory structure to a tree of arbitrary height. This generalization allows users to create their own sub-directories and to organize their files accordingly. The MS-DOS system, (for instance) is structured as a tree. In fact, a tree is the most common directory structure. The tree has a root directory. Every file in the system has a unique path name. A path name is the path from the root, through all the sub-directories, to a specified file. root spell bin programs stat mail dist find count hex recorder pqr prog copy prt exp recorder list find hex count list obj spell all last first Figure 14.4: Tree-structured Directories Directory (or sub-directory) contains a set of files or sub-directories. A directory is simply another file but it is treated in a special way. All directories have the same internal format, one bit in each directory entry defines the entry as a file (0) or as a subdirectory (1) Special system calls are used to create and delete directories. In normal use, each user has a current directory. The current directory should contain most of the files that are of current interest to the user. When reference is made to a file, the current directory is searched. If a file is needed that is not in the current directory, then the user must either specify a path name or change the current directory to be the directory holding that file. To change the current directory to a different directory, a system call is provided that takes a directory name as a parameter and uses it to redefine the current directory. 317 CU IDOL SELF LEARNING MATERIAL (SLM)

Thus, the user can change his current directory whenever he desires. From one change directory system call to the next, all open system calls search the current directory for the specified file. The initial current directory of a user is designated when the user job starts or the user logs in. The operating system searches the accounting file (or ask) other predefined location to find an entry for this user (for accounting). In the accounting file is a pointer to (or the name of) the user's initial directory. This pointer is copied to a local variable for this user, which specifies the user's initial current directory. Path names can be of two types: absolute path names or relative path names. An absolute path name begins at the root and follows a path down to the desired file, giving the directory names on the path. A relative path name defines a path from the current directory. Allowing the user to define his own sub-directories permits him to impose a structure on his files. This structure might result in separate directories for files associated with different topics (for example, a subdirectory was created to hold the text of this book or different forms of information for example, the directory programs may contain source programs; the directory bin may store all the binaries. An interesting policy decision in a tree-structured directory structure is how to handle the deletion of a directory. If a directory is empty, its entry in its containing directory can simply be deleted. However, suppose the directory to be deleted is not empty, but contains several files, or possibly sub-directories. One of two approaches can be taken. Some systems, such as MS-DOS, will not delete a directory unless it is empty. Thus, to delete a directory, the user must first delete all the files in that directory. If there are any subdirectories, the procedure must be applied recursively to them, so that they can be deleted also. This approach may result in a substantial amount of work. An alternative approach, such as that taken by the UNIX rm command, to provide the option that, when a request is made to delete a directory, and that directory's files and subdirectories are also to be deleted. Note that either approach is fairly easy to implement; the choice is one of policy. The latter policy is more convenient, but more dangerous, because an entire directory structure may be removed with one command. If that command was issued in error, a large number of files and directories would need to be restored from backup tapes. With a tree-structured directory system, users can access, in addition to their files, the files of other users. For example, user B can access files of user A by specifying their path names. 318 CU IDOL SELF LEARNING MATERIAL (SLM)

User B can specify either an absolute or relative path name. Alternatively, user B could change her current directory by user A's directory, and access the files by their file names. Some systems also allow users to define their own search paths. In this case, user B could define her search path to be (1) her local directory, (2) the system file directory, and user A's directory, in that order. As long as the name of a file of user A did not conflict with the name of a local file or system file, it could be referred to simply by its name. 14.6.4 Acyclic-graph Directories Consider two programmers who are working on a joint project. The files associated with that project can be stored in a subdirectory, separating them from other projects and files of the two programmers. But since both programmers are equally responsible for the project, both want the subdirectory to be in their own directories. The common subdirectory should be shared. A shared directory or file will exist in the file system in two (or more) places at once. Notice that a shared file (or directory) is not the same as two copies of the file. With two copies, each programmer can view the copy rather than the original, but if one programmer changes the file, the changes will not appear in the other's copy. With a shared file, there is only one actual file, so any changes made by the person would be immediately visible to the other. This form of sharing is particularly important for shared subdirectories; a new file created by one person will automatically appear in all the shared subdirectories. A tree structure prohibits the sharing of files or directories. An acyclic graph allows directories to have shared subdirectories and files. The same file or subdirectory may be in two different directories. An acyclic graph (that is, a graph with no cycles) is a natural generalization of the tree-structured directory scheme. 319 CU IDOL SELF LEARNING MATERIAL (SLM)

root Figure 14.5: Acyclic-graph Directories In a situation where several people are working as a team, all the files to be shared may be put together into one directory. The user file directories of all the team members would each contain this directory of shared files as a subdirectory. Even when there is a single user, his file organization may require that some files be put into several different subdirectories. For example, a program written for a particular project should be both in the directory of all programs and in the directory for that project. Shared files and subdirectories can be implemented in several ways. A common way, exemplified by many of the UNIX systems, is to create a new directory entry called a link. A link is effectively a pointer to another file or subdirectory. For example, a link may be implemented as an absolute or relative path name (a symbolic link). When a reference to a file is made, we search the directory. The directory entry is marked as a link and the name of the real file (or directory) is given. We resolve the link by using the path name to locate the real file. Links are easily identified by their format in the directory entry (or by their having a special type on systems that support types), and are effectively named indirect pointers. The operating system ignores these links while traversing directory trees to preserve the acyclic structure of the system. The other approach to implementing shared files is simply to duplicate all information about them in both sharing directories. Thus, both entries are identical and equal. A link is clearly different from the original directory entry; thus, the two are not equal. Duplicate directory entries, however, make the original and the copy indistinguishable. A major problem with 320 CU IDOL SELF LEARNING MATERIAL (SLM)

duplicate directory entries is maintaining consistency if the file is modified. An acyclic-graph directory structure is more flexible than is a simple tree structure, but is also more complex. Several problems must be considered carefully. Notice that a file may now have multiple absolute path names. Consequently, distinct file names may refer to the same file. This situation is similar to the aliasing problem for programming languages. If we are trying to traverse the entire file system (to find a file, to accumulate statistics on all files, or to copy all files to backup storage), this problem becomes significant, since we do not want to traverse shared structures more than once. Another problem involves deletion. When can the space allocated to a shared file be deallocated and reused? One possibility is to remove the file whenever anyone deletes it, but this action may leave dangling pointers to the non-existent file. Worse, if the remaining file pointers contain actual disk addresses, and the space is subsequently reused for other files, these dangling pointers may point into the middle of other files. In a system where sharing is implemented by symbolic links, this situation is somewhat easier to handle. The deletion of a link does not need to affect the original file; only the link is removed. If the file entry itself is deleted, the space for the file is deallocated, leaving the links dangling. We can search for these links and remove them to, but unless a list of the associated link is kept with each file, this search can be expensive. Alternatively, we can leave the links until an attempt is made to use them. At that time, we can determine that the file of the name given by the link does not exist, and can fail to resolve the link name; the access is treated just like any other illegal file name. (In this case, the system designer should consider carefully what to do when a file is deleted and another file of the same name are created, before a symbolic link to the original file is used.) In the case of UNIX, symbolic links are left when a file is deleted, and it is up to the user to realize that the original file is gone or has been replaced. Another approach to deletion is to preserve the file until all references to it are deleted. To implement this approach, we must have some mechanism for determining that the last reference to the file has been deleted. We could keep a list of all references to a file (directory entries or symbolic links). When a link or a copy of the directory entry is established, a new entry is added to the file-reference list. When a link or directory entry is deleted, we remove its entry on the list. The file is deleted when its file-reference list is empty. 321 CU IDOL SELF LEARNING MATERIAL (SLM)

The trouble with this approach is the variable and potentially large size of the file-reference list. However, we really do not need to keep the entire list – we need to keep only a count of the number of references. A new link or directory entry increments the reference counts; deleting a link or entry decrements the count. When the count is 0, the file can be deleted; there are no remaining references to it. The UNIX operating system uses this approach for non-symbolic links, or hard links, keeping a reference count in the file information block or inode). By effectively prohibiting multiple references to directories, we maintain an acyclic- graph structure. 14.6.5 General Graph Directory One serious problem with using an acyclic graph structure is ensuring that there are no cycles. If we start with a two-level directory and allow users to create subdirectories, a tree- structured directory result. It should be fairly easy to see that simply adding new files and subdirectories to an existing tree-structured preserves the tree-structured nature. However, when we add links to an existing tree-structured directory, the tree structure is destroyed, resulting in a simple graph structure. The primary advantage of an acyclic graph is the relative simplicity of the algorithms to traverse the graph and to determine when there are no more references to a file. We want to avoid traversing shared sections of an acyclic graph twice, mainly for performance reasons. If we have just searched a major shared subdirectory for a particular file, without finding that file, we want to avoid searching that subdirectory again; the second search would be wastage of time. If cycles are allowed to exist in the directory, we likewise want to avoid searching any component twice, for reasons of correctness as well as performance. A poorly designed algorithm might result in an infinite loop continually searching through the cycle and never terminating. One solution is to arbitrarily limit the number of directories, which will be accessed during a search. 322 CU IDOL SELF LEARNING MATERIAL (SLM)

Figure 14.6: General Graph Directory A similar problem exists when we are trying to determine when a file can be deleted. As with acyclic-graph directory structures, a value zero in the reference count means that there are no more references to the file or directory, and the file can be deleted. However, it is also possible, when cycles exist, that the reference count may be non-zero, even when it is no longer possible to refer to a directory or file. This anomaly results from the possibility of self- referencing (a cycle) in the directory structure. In this case, it is generally necessary to use a garbage collection scheme to determine when the last reference has been deleted and the disk space can be reallocated. Garbage collection involves traversing the entire file system, marking everything that can be accessed. Then, a second pass collects everything that is not marked onto a list of free space. (A similar marking procedure can be used to ensure that a traversal or search will cover everything in the file system once and only once.) Garbage collection for a disk-based file system, however, is extremely time-consuming and is thus seldom attempted. Garbage collection is necessary only because of possible cycles in the graph. Thus, an acyclic-graph structure is much easier to work with. The difficulty is to avoid cycles, as new links are added to the structure. How do we know when a new link will complete a cycle? There are algorithms to detect cycles in graphs however; they are computationally expensive, especially when the graph is on disk storage. Generally, tree directory structures are more common than are acyclic-graph structures. 323 CU IDOL SELF LEARNING MATERIAL (SLM)

14.7 FILE PROTECTION A thread is a path which is followed during a program’s execution. Majority of programs written now a days run as a single thread. Let’s say, for example a program is not capable of reading keystrokes while making drawings. These tasks cannot be executed by the program at the same time. This problem can be solved through multitasking so that two or more tasks can be executed simultaneously. The original motivation for protection mechanisms came with the advent of multiprogramming. The intent was to confine each user's program to its assigned area of memory and thus, prevent programs from trespassing and harming each other. With the increased desire for sharing of objects in primary and secondary memory, more complex mechanisms for access control were devised. 14.7.1 Protection in Computer System Protection in primary storage is usually adjunct to address translation. Its objective is to allow concurrent aabc:bcd:cdend potentially mutually suspicious resident process to share the common physical address space, primary memory. In systems with contiguous allocation of memory, protection is usually accomplished with the aid of some sort of limit registers. When the program is loaded, the limit or the bound registers are set to delineate the extent of its legitimate address space. At run time, each memory reference is prechecked to verify that it is within the bounds. Otherwise, access to memory is denied, and an exception is raised to activate the protection mechanism. Protection is ensured by making modification of the limit registers, a privileged operation that can be executed only when the machine is running in the privileged, supervisor state. The supervisor state is usually reserved for the operating system and for trusted system programs. User programs, by default, run in the less privileged user mode. In paging systems, a page-map table lists all pages that the related program can access. In addition, the table stores access rights – such as read, write, or execute – for each individual page. Each process has a separate page-map table. At run-time, the hardware address translation mechanism translates virtual addresses to physical addresses. Before allowing access to memory, the hardware verifies that (1) The target page exists in the program's address space and (2) That the intended mode of access is permitted. Any discrepancy causes an exception that invokes the protection mechanism. Loading and modification of page-map tables are 324 CU IDOL SELF LEARNING MATERIAL (SLM)

privileged operations. The page-map tables themselves are usually kept in the operating system's private address space. Virtual-memory systems based on paging operate in much the same way, with the additional provision of handling legitimate references to pages that are not resident in main memory. Systems based on segmentation use the segment descriptor tables for address translation and protection. There is one segment-map table per process. Each entry of the table defines the base address, the length (size), and the access rights to the related segment. For each memory reference, the run-time address translation mechanism verifies that 1. The segment is within the program's address space, 2. The offset is valid, and 3. The intended mode of access is permitted. As discussed earlier, protection in secondary storage is usually affected by means of user- defined access rights that are associated with files and managed by the file system. Typically, the file owner- which is usually its creator – has the discretion to designate the access rights for all users of the file. The owner may subsequently modify the access rights in lists consisting of user IDs and their specific rights. The access list is usually stored in association with the file. For efficiency, some systems use abbreviated access lists. 14.7.2 Access-Matrix Model of Protection The use of seemingly quite different protection mechanisms for primary and secondary memory can sometimes obscure the basic underlying issues and principles. This section introduces the access-matrix model of protection, which serves as a useful abstraction for reasoning about protection mechanisms in computer systems. A computer system may be viewed as consisting of a set of subjects, such as processes, that operate on and manipulate a set of objects. Objects include both hardware, such as peripheral devices and memory segments, and software objects, such as files and arrays. From the software point of view, each object is an abstract data type. Operations on an object amount to applications of functions that may transform the state of the object. In principle, the specific subset of functions that can be meaningfully applied to an individual object is object-specific. The protection mechanism should ensure that (1) no process is allowed to 325 CU IDOL SELF LEARNING MATERIAL (SLM)

apply a function inappropriate to a given object type and (2) each process is permitted to apply only those functions that it is explicitly authorized for a specific object. For any given object, the latter set is a subset of the object-specific legitimate operations. The authority to execute an operation on an object is often called the access right. Some of these relationships may be expressed by means of an abstraction called protection domain, which specifies a set of objects and the types of operations that may be performed on each object. A protection domain is a collection of access rights, each of which is a pair <object identifier, rights set>. In general, domains need not be static; their elements can change as objects are deleted or created and the access rights are modified. Domains may overlap; a single object can participate in multiple domains, possibly with different access rights defined therein. A simple illustration of the protection domain concept is provided by the dual, user/supervisor mode of operation found in many computer systems. A more elaborate example, provided by the IBM/360 type of hardware, uses 4-bit memory protection keys and thus, supports up to 15 user domains. In multi-user systems, each user typically has a protected set of programs and files, which amounts to as many protection domains as there are users. A process executes in a protection domain at a given point in time. This binding is not static, and a process may switch between different protection domains in the course of its execution. In a flexible protection system, not all parts and phases of a program need be given equal and unrestricted access to all objects that the program has access rights to. For example, a procedure may have private data that it wants to have exclusive access rights to. The need to control access rights is especially pronounced in situations, where some common utilities, such as editors and compilers, are shared. In order for a process to use a shared utility, some of the user's access rights must be conveyed to it. For example, the compiler must be granted at least read access to the user's source file and, optionally, may have created and write-file access to the user program's home directory for object and listing files. However, it is unwise and dangerous to affect this transfer of rights by allowing the shared utility to assume all of the invoking user's access rights. Such promiscuous behaviour, not unusual in real systems, provides a fertile ground for planning of Trojan horses and for spreading of computer viruses. 326 CU IDOL SELF LEARNING MATERIAL (SLM)

These relationships may be represented by means of an access matrix, which is a representation of all access rights of all subjects to all objects in a computer system. It is usually depicted as a two-dimensional matrix, with protection domains as rows and system objects as columns. Both hardware and software objects are included in the access matrix. Figure 9.6 illustrates a small access matrix. Blank entries indicate no access rights. Thus, for example, a process executing in domain D2 can access only one object-File 2, in read-only mode. File 3 is presumably, a shared utility that is maintained by domain D3 and is also executable in domain D1. Object Domain File 1 File 2 File 3 Printer Execute Output Read D1 Write D2 Read Read D3 Write Output Execute Copy Figure 14.7: Access Matrix Although a useful model, access matrices are inefficient for storage of access rights in a computer system because they tend to be large and sparse. The actual forms of representation of access rights, captured and expressed by the access matrix, differ in practice in accordance with the access-control mechanism in use. The common access-control mechanisms are: 1. Access hierarchies, such as levels of execution privilege and block-structured programming languages. 2. Access lists of all subjects having access rights to a particular object. 3. Capabilities or tickets for objects that specify all access rights of a particular subject. These are discussed in greater detail in the two sections that follow. 14.7.3 Access Hierarchies A simple form of access hierarchy is provided by the dual, user/supervisor, mode of operation found in many computer systems. In that model, a restricted range of operations is available 327 CU IDOL SELF LEARNING MATERIAL (SLM)

in the user mode, which is a default for program execution. The supervisor mode is a superset that, in addition to user-mode instructions, allows execution of instructions that can adversely affect the system's integrity. These include certain I/O functions, halting of the machine, and updating of the address translation tables. The supervisor mode is reserved for the operating system and for trusted programs, usually various system utilities. Thus, user programs execute in the user domain, and the operating system executes in the supervisor domain. Instruction-level domain switching is allowed only in the privileged mode. When a user program needs to perform an operation outside its protection domain, it calls the operating system. At the control-transfer-point, such as the supervisor-call instruction, the operating system can check the user's authority and grant or deny execution accordingly. Some systems extend this mode of operation to multiple levels of protection. For example, some DEC minicomputers have three modes: kernel (most privileged), supervisor and user. The kernel mode is used in some designs to run the security kernel, supervisor for the rest of the operating system, and user mode is for application programs. The protection rings, introduced in Multics, are a generalization of the concept of a supervisor state. Each protection ring defines a domain of access. At any given time, each process runs in a specific protection ring, whose number is specified in the processor-status word as an integer in the range [0, r–1]. The access privileges of ring j are a subset of those for ring i, for all 0 < i < j < r–1. Protection rings are illustrated in Figure 9.6. Inner rings (lower numbers) have higher access rights. Protection barriers, in the form of call gates, are invoked by hardware when a lesser- privileged outer ring needs to call on a service running in an inner, more privileged, ring. Intel's 80286 and higher-numbered processors in that family, implement a reduced, four-ring version of the multics ring-protection scheme. decreasing 0 12 r-1 pri vilege 328 CU IDOL SELF LEARNING MATERIAL (SLM)

Figure 14.8: Protection Rings in Multics The concept of access hierarchy is not unique to hardware. It can also be used in software. For instance, the scope rules of block-structured programming languages, such as Pascal and C, represent a hierarchy of access domains. In that approach, the scope of an identifier encompasses the block x in which it is declared, and all blocks defined in x. As illustrated in Figure 9.8, identifiers declared in block A (outermost, level 0) are accessible in all of A's nested blocks. A statement contained in inner block D (level 2) may legally reference all identifiers declared in D's outer blocks – blocks A and B in the example - but not the identifiers declared in the disjoint block C. However, outer blocks cannot reference identifiers declared in their enclosed, inner-level blocks. For example, statements in block A do not have access to variables declared in blocks B and D, and variables declared in block D cannot be accessed from block B. A B D C Figure 14.9: Scope in a Block-structured Language In general, access hierarchies violate the design principle of least privilege. They usually grant too many access rights to privileged programs. For example, a process running at ring 0 has full access to the whole system. A bug or a Trojan horse in such a program can easily corrupt the entire system. Moreover, the linearity of the ring-based protection mechanism imposes too strict ordering of objects and access-right classes. This makes it difficult or impossible to represent arbitrary constraints, such as a cyclic graph. 14.7.4 Access Lists Access lists are one way of recording access rights in a computer system. They are frequently used in file systems. In principle, an access list is an exhaustive enumeration of the specific access rights of all entities (domains or subjects) that are authorized access to a given object. 329 CU IDOL SELF LEARNING MATERIAL (SLM)

In effect, an access list for a specific object is a list that contains all nonempty cells of a column of the access matrix associated with a given object. In systems that employ access lists, a separate list is maintained for each object. Usually, the owner has the exclusive right to define and modify the related access list. The owner of the object can revoke the access rights granted to a particular subject or a domain by simply modifying or deleting the related entry in the access list. Many variations of the access-list scheme are used to store access information in file systems. Typically, the access list or a pointer to it is stored in the file directory. Access lists may be combined with other schemes to strengthen protection. In multics, for example, access lists are combined with a ring-based protection scheme to control access to segments that reside on secondary storage. The primary drawback of access lists is the search overhead, imposed by the need to verify the authority of a subject to access a requested object. According to the principle of complete mediation, every request to access a file should be checked. In order to improve efficiency, some systems check the requestor's authority only when the file is opened. This weakens protection by opening the door for penetration after the file is opened and by making revocations of privilege ineffective as long as the user has the file open-which may be indefinitely in some systems. 14.8 SUMMARY  A file is a collection of letters, numbers and special characters: it may be a program, a database, a dissertation, a reading list, a simple letter etc. Sometimes you may import a file from elsewhere, for example from another computer. If you want to enter your own text or data, you will start by creating a file.  A file system is a method for storing and organizing computer files and the data they contain to make it easy to find and access them. Disks provide the bulk of secondary storage on which a file system is maintained. To improve I/O efficiency, I/O transfer between memory and disk are performed in units of blocks. Each block is one or more sectors. Depending on the disk drive, sectors vary from 32 bytes to 4096 bytes; usually, they are 512 bytes. The file system provides the mechanism for online storage and access to both data and programs. 330 CU IDOL SELF LEARNING MATERIAL (SLM)

 The file system resides permanently on secondary storage, which has the main requirement that it must be able to hold a large amount of data, permanently. In a multi-user environment, a file is required to be shared among more than one user. There are several techniques and approaches to affect this operation.  The file systems of computers can be extensive. Some systems store thousands of files on hundreds of gigabytes of disk. The direct-access nature of disks allows flexibility in the implementation of files. In almost every case, many files will be stored on the same disk. Security policies specify what is desired in terms of protection and security. Security mechanisms specify how to affect the security policies and enforce them in a given system. 14.9 KEYWORDS  Flash File Systems: A flash file system is a file system designed for storing files on flash memory devices.  Indexed Allocation: It is a method in which each file has its own index block, which is an array of disk sector of addresses.  File Management: These programs create, delete, copy, rename, print, dump, list, and generally manipulate files and directories.  File Modification: Several text editors may be available to create and modify the content of files stored on disk or tape.  File-System Swap Space: File-system swap space is located on a mounted file system and can vary in size with the system’s swapping activity.  Disk File Systems: A disk file system is a file system designed for the storage of files on a data storage device, most commonly a disk drive, which might be directly or indirectly connected to the computer. 14.10 LEARNING ACTIVITY 1. Some file systems allow disk storage to be allocated at different levels of granularity. For instance, a file system could allocate 4 KB of disk space as a single 4-KB block or as eight 512-byte blocks. How could we take advantage of this flexibility to improve performance? What modifications would have to be made to the free-space management scheme in order to support this feature? 331 CU IDOL SELF LEARNING MATERIAL (SLM)

___________________________________________________________________________ ____________________________________________________________________ 14.11 UNIT END QUESTIONS A. Descriptive Questions Short Questions 1. Name different types of access methods used in file operations. 2. How can we protect a file? 3. What are different types of File Systems available? 4. Define Acyclic-graph directories. 5. What is the difference between sequential and direct access? Long Questions 1. Explain the file system architecture and functions. 2. What is file sharing and file allocation? 3. Briefly explain the access matrix model of protection. 4. What does the general graph directory contain? 5. Do you think the file system provides the mechanism for online storage and access to both data and programs? Why or why not? B. Multiple Choice Questions 1. Reliability of files can be increased by: a. keeping the files safely in the memory b. making a different partition for the files c. by keeping them in external storage d. by keeping duplicate copies of the file 332 CU IDOL SELF LEARNING MATERIAL (SLM)

2. Protection is only provided at the _____ level. a. lower b. central c. higher d. None of these 3. The main problem with access control lists is: a. their maintenance b. their length c. their permissions d. All of these 4. Many systems recognize three classifications of users in connection with each file (to condense the access control list): a. Owner b. Group c. Sub-owner d. Universe 5. All users in a group get _______ access to a file. 333 a. different b. similar c. None of these d. All of these CU IDOL SELF LEARNING MATERIAL (SLM)

6. Universe consists of: a. all users that aren’t included in the group or owners b. all users that are not owners c. all users in the system d. None of these 7. In UNIX, groups can be created and modified by: a. superuser b. any user c. a programmer only d. the people in the group only 8. To control access the three bits used in UNIX are represented by: a. r b. w c. ex d. x 9. If each access to a file is controlled by a password, then the disadvantage is that: a. user will need to remember a lot of passwords b. it is not reliable c. it is not efficient d. All of these 334 CU IDOL SELF LEARNING MATERIAL (SLM)

10. In a multilevel directory structure: a. the same previous techniques will be used as in the other structures b. a mechanism for directory protection will have to applied c. the subdirectories do not need protection once the directory is protected d. None of these Answers 1 d, 2 a, 3 b, 4 a, 5 b, 6 c, 7 a, 8 a, 9 a, 10 b. 14.12 REFERENCES  A. Silberschatz P.B. Galvin, Gange (2002). Operating System Concepts, 6th Ed., Addison Wesley Publishing Co., Boston.  H.M. Deitel (1990). An Introduction to Operating Systems, Addison Wesley Publishing Co., Boston.  D.M. Dhamdhare (2002). Operating System. Tata McGraw Hill, New Delhi.  A.S. Tanenbaum (2000). Operating Systems: Design and Implementation, Prentice Hall of India, New Delhi.  Nutt (2005). Operating Systems, 3rd Edition, Pearson Education, Delhi. 335 CU IDOL SELF LEARNING MATERIAL (SLM)