An Operating Systems Vade Mecum

Access control 195directory is implied, but the LIST program would still need to open the working directory,and it has no name for it. We will therefore adopt a convention that % as a relativefile name refers to the working directory. ThenLIST %will list the working directory.Another nice feature we can add is a relative name that refers to the parent directory,the one right above the working directory in the tree. We will use ˆ for this purpose.If the working directory is courses, then Mary could use the commandCOPY slide1.text TO ˆ/thesis/slide1.text .We might as well generalize the notion of parent to include any number of levels up thetree. To move the same file into her advisor’s account, Mary could submit the followingcommand.COPY slide1.text TO ˆ/ˆ/troy/slide1.textWe see that ˆ is a local file name that refers to the parent directory, and it may be usedin arbitrary ways in a full file name. Likewise, we treat % as a local file name in eachdirectory that refers to that directory. Repeated uses of % in a file name are not as usefulas repeated uses of ˆ.The easiest way to implement these special file names is to place these two namesin every directory as aliases to that directory and to its parent. The root directory doesnot need a file ˆ.Setting up a directory is a job for the file manager because directories must followconsistency rules to prevent the file structure from becoming confused. We provide aservice call for this purpose.MakeDirectory(new name). This call builds a new directory with the givenname. The new name may be either absolute or relative to the working directory.The new directory is initialized to contain the ˆ and % files, which are aliases toits parent and itself, respectively. This call fails if the prefix of the new name (thatis, all but the last part) is not a directory, if the proposed directory already exists, orif the caller does not have permission to create this directory.2 ACCESS CONTROLFiles are used for long-term storage of information. Much information is either private(and should be secret) or at least important (and should be protected againstmodification). Therefore, the rights of users or their processes to access files must be restricted.Yet files are an indispensible means of sharing information, so, the restrictionsshould be selective.Restricted access with the possibility of sharing is not a new topic for us. Weencountered it in Chapter 3 when we were discussing main-store management. Therewere occasions when two processes would want to share a segment of information. Wewill now present a more formal discussion of access control in general.