⟦747ac29af⟧ Wang Wps File
Length: 27747 (0x6c63)
Types: Wang Wps File
Notes: CPS/SDS/001
Names: »1372A «
Derivation
└─⟦9046c1e66⟧ Bits:30006058 8" Wang WCS floppy, CR 0090A
└─ ⟦this⟧ »1372A «
WangText
CPS/SDS/001
OKH/820204
CAMPS SYSTEM DESIGN SPECIFICATION
ISSUE 1.2
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
5.7 FILE MANAGEMENT SYSTEM
5.7.1 General
5.7.1.1 Purpose and Scope
5.7.1.2 Applicable Documents and Project References, Special for Section 5.7
5.7.1.3 Terms and Abbreviations Special for Section 5.7
5.7.2 Summary of Requirements
5.7.2.1 General Description
5.7.2.1.1 Function Overview
5.7.2.1.2 Interfaces
5.7.2.2 Functions
5.7.2.2.1 Devices
5.7.2.2.1.1 Disk Controller and Disk Drive
5.7.2.2.1.2 Mirrored Disks and Their Management
5.7.2.2.1.3 Bad Sectors
5.7.2.2.1.4 Naming of Devices
5.7.2.2.2 Volumes
5.7.2.2.2.1 Volume Label
5.7.2.2.2.2 Volume Handling
5.7.2.2.2.3 Volume Threshold
5.7.2.2.2.4 Volume Initialization
5.7.2.2.3 Files
5.7.2.2.3.1 File Types and Their Characteristics
5.7.2.2.3.2 File Handling
5.7.2.2.3.3 File Catalogues and Naming
5.7.2.2.3.4 Data Transfer Commands
5.7.2.2.3.5 Examples in File Manipulations
5.7.2.2.4 Security and Access Control
5.7.2.2.5 Recovery
5.7.2.3 FMS Control
5.7.2.3.1 Parameter Control
5.7.2.3.2 Initialization
5.7.2.3.3 Error Handling
5.7.2.4 FMS Characteristics
5.7.2.5 Design and Construction
5.7.2.6 Documentation
5.7.3 Environment
5.7.3.1 Standard Hardware, Firmware, and Software
5.7.3.2 External Interfaces
5.7.3.3 Package Interfaces
5.7 F̲I̲L̲E̲ ̲M̲A̲N̲A̲G̲E̲M̲E̲N̲T̲ ̲S̲Y̲S̲T̲E̲M̲
5.7.1 G̲e̲n̲e̲r̲a̲l̲
5.7.1.1 P̲u̲r̲p̲o̲s̲e̲ ̲a̲n̲d̲ ̲S̲c̲o̲p̲e̲
The "File Management System" (FMS) and the "Message
Management System" (MMS) together form the "Storage
and File Management Package" (SFM). This term is still
used as a common name, but with the advent of Preliminary
Design, the description has been partitioned into Section
5.7 FMS and Section 5.8 MMS.
FMS is the basic DAMOS part of SFM whereas MMS is the
specific CAMPS part of it.
5.7.1.2 A̲p̲p̲l̲i̲c̲a̲b̲l̲e̲ ̲D̲o̲c̲u̲m̲e̲n̲t̲s̲ ̲a̲n̲d̲ ̲P̲r̲o̲j̲e̲c̲t̲ ̲R̲e̲f̲e̲r̲e̲n̲c̲e̲s̲ ̲S̲p̲e̲c̲i̲a̲l̲ ̲f̲o̲r̲ ̲S̲e̲c̲t̲i̲o̲n̲ ̲5̲.̲7̲
"Storage and File Management" CPS/SDS/016.
5.7.1.3 T̲e̲r̲m̲s̲ ̲a̲n̲d̲ ̲A̲b̲b̲r̲e̲v̲i̲a̲t̲i̲o̲n̲s̲ ̲S̲p̲e̲c̲i̲a̲l̲ ̲f̲o̲r̲ ̲S̲e̲c̲t̲i̲o̲n̲ ̲5̲.̲7̲
N/A
5.7.2 S̲u̲m̲m̲a̲r̲y̲ ̲o̲f̲ ̲R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲
5.7.2.1 G̲e̲n̲e̲r̲a̲l̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
5.7.2.1.1 F̲u̲n̲c̲t̲i̲o̲n̲ ̲O̲v̲e̲r̲v̲i̲e̲w̲
FMS manages all disk and floppy disk storage except the
areas used for virtual memory.
It directly controls the use of disk controller RAM for
tables and buffers.
Disk space is subdivided into named files, controlled
via hierarchies of catalogues. Security and access
control information for files is included in the catalogues.
Read and write operations use relative addresses within
files, but direct addressing of physical disk sectors
by special privileged users is supported too.
Mounting of disk volumes with a check of the volume label
is supported. Formatting, purging and labelling of disk
volumes are not performed directly by SFM.
FMS implements the concept of mirrored disks.
5.7.2.1.2 I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
FMS is implemented as a DAMOS process and a set of
disk and floppy disk handlers.
Each disk handler controls one disk controller.
User process requests are sent to an FMS REQUEST SYNCHRONIZATION
ELEMENT common to all user processes. Requests can
only be sent by means of the I/O System.
Responses are sent by FMS to a RESPONSE SYNCHRONIZATION
ELEMENT specific to the user issuing the request.
Responses must also be handled in the first instance by
the I/O System.
Fig. 5.7.2.1.2-1 SFM Command-Response Interface
Figure 5.7.2.1.2-2 SFM Interface Chart in CAMPS environment
5.7.2.2 F̲u̲n̲c̲t̲i̲o̲n̲s̲
5.7.2.2.1 D̲e̲v̲i̲c̲e̲s̲
5.7.2.2.1.1 D̲i̲s̲k̲ ̲C̲o̲n̲t̲r̲o̲l̲l̲e̲r̲ ̲a̲n̲d̲ ̲D̲i̲s̲k̲ ̲D̲r̲i̲v̲e̲ ̲C̲o̲n̲c̲e̲p̲t̲
a1) G̲e̲n̲e̲r̲a̲l̲ ̲C̲o̲n̲c̲e̲p̲t̲
As seen in the interface chart, figure 5.7.2.1.2-1,
the disk handler is a part of FMS. The disk handler
is a software module which controls the disk drive
via a disk controller.
a2) D̲i̲s̲k̲ ̲C̲o̲n̲t̲r̲o̲l̲l̲e̲r̲
The disk controller consists of an I/O module and
a memory module. The relationship of the disk controller
to other modules is shown in figure 5.7.2.2.1.1.b.
a3) D̲i̲s̲k̲ ̲C̲o̲n̲t̲r̲o̲l̲l̲e̲r̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲
The dual-ported disk controller provides the interface
between the CR80D I/O busses and the disk device
as shown on figure 5.7.2.2.1.1.c.
a4) C̲A̲M̲P̲S̲ ̲D̲i̲s̲k̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
The disk configuration for the CAMPS system
is depicted in figure 5.7.2.2.1.1.d and consists
of three disk drives and disk adaptors (DCA), each
connected to a disk controller with memory.
Figure 5.7.2.2.1.1.b Disk Controller Relationship
Figure 5.7.2.2.1.1.c
Figure 5.7.2.2.1.1.d
b) D̲i̲s̲k̲ ̲C̲o̲n̲t̲r̲o̲l̲l̲e̲r̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲a̲n̲d̲ ̲S̲t̲a̲t̲u̲s̲
The disk controller receives commands and delivers
status via the I/O busses.
Main operations are:
Seek, Read, Write, Seek and Read, Seek and Write,
Format, Read Address Field.
The data used in conjunction with the above mentioned
commands are:
Cylinder-, head-, and sector numbers.
Status information returned from the controller
can be as follows:
Write protected drive, Unexpected drive status,
Data field check or sync. error, Address field
check or sync. error, Sector marked as bad, Sector
is write protected, Illegal sector, Timing error,
Subbus overruns and parity error in controller
memory.
5.7.2.2.1.2 M̲i̲r̲r̲o̲r̲e̲d̲ ̲D̲i̲s̲k̲s̲ ̲a̲n̲d̲ ̲T̲h̲e̲i̲r̲ ̲M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲
FMS supports management of mirrored disk packs, which
are updated concurrently, to assure that data will
not be lost in case of a hard error on one disk.
To guard against power failure, a mirrored disk pair
is updated by first updating the sectors on the first
volume. The same sectors on the other disk are updated
in a succeeding process. FMS shall allow exclusion
of one of the two identical volumes while normal service
goes on, on the other. After repair, the excluded volume
shall be brought to the state of the running volume while
normal service continues.
5.7.2.2.1.3 B̲a̲d̲ ̲S̲e̲c̲t̲o̲r̲s̲
FMS is able to handle bad sectors on each volume, except
for sector 0: a bad sector 0 means that the volume is useless.
Bad sectors are handled by keeping a translation table
on each volume, from each bad sector to an alternative
sector. With mirrored disks, the translation tables
of the two disks shall be kept identical to assure
that all disk addresses can be interpreted in the same
way.
If bad sectors are detected while bringing a disk up,
they are marked as such on both disks and both translation
tables must be updated accordingly.
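The mirrored-pair and bad-sector rules above, as an added Python sketch that is not part of the specification or of the FMS code. The class names, the spare-sector pool and the simulated hard errors are assumptions made for the illustration.

```python
# Added illustration, not FMS code. Names, the spare-sector pool and the
# simulated hard errors are assumptions.

class Volume:
    def __init__(self, name, n_sectors, n_spare):
        self.name = name
        self.data = {}            # physical sector -> bytes
        self.translation = {}     # bad sector -> alternative sector
        self.spares = list(range(n_sectors, n_sectors + n_spare))
        self.faulty = set()       # constructed: physical sectors with a hard error

    def _physical(self, sector):
        phys = self.translation.get(sector, sector)
        if phys in self.faulty:
            raise IOError(f"{self.name}: hard error on sector {phys}")
        return phys

    def write(self, sector, payload):
        self.data[self._physical(sector)] = payload

    def read(self, sector):
        return self.data.get(self._physical(sector), b"")


class MirroredPair:
    def __init__(self, first, second):
        self.volumes = [first, second]   # update order: first volume, then the other
        self.excluded = None

    def _active(self):
        return [v for v in self.volumes if v is not self.excluded]

    def mark_bad(self, sector):
        if sector == 0:
            raise ValueError("sector 0 is bad: the volume is useless")
        alt = self.volumes[0].spares[0]
        for vol in self.volumes:         # same entry in both translation tables
            vol.spares.remove(alt)
            vol.translation[sector] = alt

    def write(self, sector, payload):
        for vol in self._active():
            vol.write(sector, payload)

    def read(self, sector):
        for vol in self._active():       # use the good one of the pair
            try:
                return vol.read(sector)
            except IOError:
                continue
        raise IOError(f"sector {sector} unreadable on every active volume")

    def exclude(self, vol):
        self.excluded = vol              # service goes on, on the other volume

    def reinstate(self):
        running, repaired = self._active()[0], self.excluded
        repaired.translation = dict(running.translation)
        repaired.spares = list(running.spares)
        repaired.data = dict(running.data)
        self.excluded = None


def demo():
    a, b = Volume("A", 100, 4), Volume("B", 100, 4)
    pair = MirroredPair(a, b)
    a.faulty.add(7)                      # bad sector found on A while bringing it up
    pair.mark_bad(7)
    pair.write(7, b"msg-1")
    pair.write(20, b"msg-2")
    a.faulty.add(20)                     # later hard error on A only
    read_20 = pair.read(20)
    pair.exclude(a)
    pair.write(21, b"msg-3")             # normal service continues on B
    a.faulty.discard(20)                 # constructed: the repair clears the fault
    pair.reinstate()
    return {"tables_identical": a.translation == b.translation,
            "read_20": read_20, "a_21": a.read(21), "a_7": a.read(7)}
```
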
5.7.2.2.1.4 N̲a̲m̲i̲n̲g̲ ̲o̲f̲ ̲D̲e̲v̲i̲c̲e̲s̲
a) D̲e̲v̲i̲c̲e̲ ̲N̲a̲m̲e̲s̲
Each device that is used, or will be used, by the system
is referenced by a device name. A device
name is an array of 4 bytes.
b) D̲e̲v̲i̲c̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
Commands for handling devices are administered
by FMS. Introduction of a device to FMS is done
by the command ASSIGN. The input to the command
is the device name and description. The DEASSIGN
command removes the specified device from the regime
of FMS.
c) D̲e̲v̲i̲c̲e̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
When the device is introduced to FMS a description
of its attributes must be given as well. The attributes
are device, kind, size, physical address and device
name. Introduction is done by:
ASSIGN
Input: Device attributes
Device name
Removing a specified device from the regime of
FMS is done by
DEASSIGN
Input: Device name
5.7.2.2.2 V̲o̲l̲u̲m̲e̲s̲
5.7.2.2.2.1 V̲o̲l̲u̲m̲e̲ ̲L̲a̲b̲e̲l̲
Each volume administered by FMS shall be recognized
by a volume name. The volume name is an array of 16
bytes. The volume name can be changed by a command to FMS.
5.7.2.2.2.2 V̲o̲l̲u̲m̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
FMS is able to logically mount and dismount volumes,
i.e. create the connection between the volume and FMS.
The MOUNT command checks the volume name against the
recorded volume name and opens a number of system files.
Hereafter the volume is identified by the volume name.
DISMOUNT of a volume has the effect that the specified
volume is excluded from FMS and the system files are
closed. The system files will be described in chapter
5.7.2.2.3.
5.7.2.2.2.3 V̲o̲l̲u̲m̲e̲ ̲T̲h̲r̲e̲s̲h̲o̲l̲d̲
A number of commands exist to control the filling
rate of the volumes. The maximum number of sector allocations
on the volume is controlled by
SET VOLUME THRESHOLD
Input: Volume name
Threshold
The current value of the volume threshold is returned
by:
GET VOLUME THRESHOLD
Input: Volume name
Output: Threshold
5.7.2.2.2.4 V̲o̲l̲u̲m̲e̲ ̲I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
a) G̲e̲n̲e̲r̲a̲l̲ ̲C̲o̲n̲c̲e̲p̲t̲
When a completely new volume is mounted on a disk
drive it must be prepared for receiving data. This
process is carried out by a utility initialization
program with the following steps:
- formatting of volume
- handling of bad sectors
- creation of an initial empty volume
b) V̲o̲l̲u̲m̲e̲ ̲F̲o̲r̲m̲a̲t̲t̲i̲n̲g̲
During the formatting process all sectors are marked
with address information which will only be
used by the controller.
c) H̲a̲n̲d̲l̲i̲n̲g̲ ̲o̲f̲ ̲B̲a̲d̲ ̲S̲e̲c̲t̲o̲r̲s̲
All bad sectors will be marked and the index table
updated accordingly. Handling of bad sectors during
start up of dualized disks has previously been
described.
d) C̲r̲e̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲a̲n̲ ̲I̲n̲i̲t̲i̲a̲l̲ ̲E̲m̲p̲t̲y̲ ̲V̲o̲l̲u̲m̲e̲
This process creates the system files on the volume.
e) I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲ ̲I̲n̲p̲u̲t̲ ̲P̲a̲r̲a̲m̲e̲t̲e̲r̲s̲
The parameters needed during the initialization
process are as follows:
Device name
Volume name
Number of sectors
System Files area size
Initial entries in the system files
5.7.2.2.3 F̲i̲l̲e̲s̲
5.7.2.2.3.1 F̲i̲l̲e̲ ̲T̲y̲p̲e̲s̲ ̲a̲n̲d̲ ̲t̲h̲e̲i̲r̲ ̲C̲h̲a̲r̲a̲c̲t̲e̲r̲i̲s̲t̲i̲c̲s̲
a) G̲e̲n̲e̲r̲a̲l̲ ̲C̲o̲n̲c̲e̲p̲t̲
A file is a logical sequence of blocks. Blocks
are identified by relative block number within
the file.
b) C̲o̲n̲t̲i̲g̲u̲o̲u̲s̲ ̲F̲i̲l̲e̲s̲
FMS supports two different mechanisms for transforming
a block number in a file to a sector number on
a volume. The blocks of a contiguous file are mapped
onto a sequence of contiguous sectors on a volume.
Figure 5.7.2.2.3.1-1 CONTIGUOUS FILE ON A VOLUME
Shaded sectors form a contiguous file consisting
of a number of blocks. Contiguous files will be
used for information where maximum length is known
in advance, as they cannot be extended.
c) R̲a̲n̲d̲o̲m̲ ̲F̲i̲l̲e̲s̲
The blocks of a random file are mapped onto sectors
which are scattered across a volume. The mapping
is based on an index which for each block number
in the file contains the number of the corresponding
sector on the volume. The index itself is also
stored on the volume. Index blocks can be linked
together to make the size of the file unlimited.
The random file will be used for information which
may change, i.e. information under editing.
Figure 5.7.2.2.3.1-2
A random file on a volume
2 index blocks and 4 data blocks
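The two block-to-sector mappings described above, as an added Python sketch that is not part of the specification. The index block capacity, the free-sector list and all names are constructed; they are chosen so that the random file ends up with 2 index blocks and 4 data blocks, as in the figure.

```python
# Added illustration, not FMS code. All names and sector numbers are constructed.

ENTRIES_PER_INDEX_BLOCK = 2    # constructed: small so the file needs two index blocks


class ContiguousFile:
    def __init__(self, first_sector, n_blocks):
        self.first_sector, self.n_blocks = first_sector, n_blocks

    def sector_of(self, block):
        if not 0 <= block < self.n_blocks:
            raise IndexError("block outside the contiguous allocation")
        return self.first_sector + block

    def append_block(self, payload):
        raise NotImplementedError("a contiguous file cannot be extended")


class RandomFile:
    def __init__(self, volume, free_sectors):
        self.volume = volume           # sector number -> sector content
        self.free = free_sectors       # scattered free sectors, in allocation order
        self.first_index = self._new_index_block()
        self.n_blocks = 0

    def _new_index_block(self):
        sector = self.free.pop(0)
        # The index itself is stored on the volume; "next" links index blocks.
        self.volume[sector] = {"entries": [], "next": None}
        return sector

    def _index_block_for(self, block):
        sector = self.first_index
        for _ in range(block // ENTRIES_PER_INDEX_BLOCK):
            sector = self.volume[sector]["next"]
        return self.volume[sector]

    def sector_of(self, block):
        if not 0 <= block < self.n_blocks:
            raise IndexError("block not allocated")
        index = self._index_block_for(block)
        return index["entries"][block % ENTRIES_PER_INDEX_BLOCK]

    def append_block(self, payload):
        if self.n_blocks and self.n_blocks % ENTRIES_PER_INDEX_BLOCK == 0:
            # Last index block is full: link a new one to extend the file.
            last = self._index_block_for(self.n_blocks - 1)
            last["next"] = self._new_index_block()
        index = self._index_block_for(self.n_blocks)
        data_sector = self.free.pop(0)
        self.volume[data_sector] = payload
        index["entries"].append(data_sector)
        self.n_blocks += 1
        return data_sector


def build_figure_example():
    volume = {}
    free = [40, 12, 77, 5, 63, 30, 91]     # constructed free-sector list
    f = RandomFile(volume, free)
    for payload in (b"b0", b"b1", b"b2", b"b3"):
        f.append_block(payload)
    return f
```
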
d) F̲i̲l̲e̲ ̲C̲h̲a̲r̲a̲c̲t̲e̲r̲i̲s̲t̲i̲c̲s̲
1) F̲i̲l̲e̲ ̲N̲a̲m̲e̲
A file is referenced by a file name.
2) F̲i̲l̲e̲ ̲A̲t̲t̲r̲i̲b̲u̲t̲e̲s̲
File attributes is a record defining the characteristics
of a file.
It consists of four fields:
- volume name
- file organization see 5.7.2.2.3.1
- allocation size
- area size
Volume name has previously been described.
File organization may be contiguous or random
or a third structure called directories, which
will be described later.
Allocation size is the amount of space reserved
upon the creation of the file. Area size is the
amount of blocks allocated to a random file by
an extension of the file.
3) F̲i̲l̲e̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲o̲r̲
An index identifying the file when it is open.
The file descriptor identifies a control block
which contains information such as address on volume,
file size, file users, etc. All access to a file
uses a file descriptor as reference.
5.7.2.2.3.2 F̲i̲l̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
Some of the file handling functions include a user
identification. For details refer to section 5.7.2.2.5.
Before use of files, they must be created by the command:
CREATE
Input: User-id
Attributes
Output: File descriptor
Disconnection of a caller from a file can be controlled
by
DISMANTLE
Input: File descriptor
Defining the maximum number of sectors for a file is
done by the command:
SET FILE THRESHOLD
Input: File descriptor
Threshold
5.7.2.2.3.3 F̲i̲l̲e̲ ̲C̲a̲t̲a̲l̲o̲g̲u̲e̲s̲ ̲a̲n̲d̲ ̲N̲a̲m̲i̲n̲g̲
a) G̲e̲n̲e̲r̲a̲l̲ ̲C̲o̲n̲c̲e̲p̲t̲
To keep track of the information on the volume
there exists a number of system files called directories.
The contents are, for instance, symbolic names of files
and their physical addresses. Furthermore, the user
file information such as user(s), file attributes,
access and security control are recorded.
b) D̲i̲r̲e̲c̲t̲o̲r̲i̲e̲s̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
1) B̲a̲s̲i̲c̲ ̲F̲i̲l̲e̲ ̲D̲i̲r̲e̲c̲t̲o̲r̲y̲
A volume can contain several files. Therefore,
each volume contains a Basic File Directory
(BFD) which acts as a table of contents for
the volume. Figure 5.7.2.2.3.3-1. Each file
on the volume is described by an entry in the
BFD. Such an entry contains the information
which is necessary to describe the file. Included
is information which makes it possible to retrieve
the blocks of the file, the size of the file,
a list of the users who are authorized to access
the file, etc.
Since the BFD contains an entry for each file
on the volume, a file is uniquely identified
by the sequence number of its entry in the
BFD. This form of file identification is used
in the file system.
To facilitate access to the BFD of a volume,
the BFD is also implemented as a file. The
BFD should always exist on the volume.
Figure 5.7.2.2.3.3-1
Basic File Directory and four files on a volume. (The
sector structure of the volume is abstracted away).
2) S̲y̲m̲b̲o̲l̲i̲c̲ ̲F̲i̲l̲e̲ ̲D̲i̲r̲e̲c̲t̲o̲r̲y̲
Whereas the BFD is concerned with maintaining
descriptions of the files on a volume, a Symbolic
File Directory (SFD) is concerned with the
naming of these files. Naming a file is thus
a function which is distinct from describing
its attributes. A SFD functions as a table.
Each entry transforms a user defined name into
a sequence number of a BFD entry (which is
a unique identification of a file). If a SFD
is used it is therefore possible to refer to
a file by a symbolic name. Figure 5.7.2.2.3.3-2.
By implementing an SFD as a file and by allowing
several SFDs on a volume, this scheme has been
generalized into a multilevel naming structure.
Figure 5.7.2.2.3.3-3. Since an SFD is itself
a file it can now be given a name in another
SFD etc. This process can continue to any depths,
and thus a hierarchical naming structure for
files exists.
Each volume contains a special SFD. This SFD
is considered the root of the naming hierarchy
for files. This means that a search for a named
file in principle must start in this SFD and
then possibly continue through lower level
SFDs. This special SFD should always exist
on the volume.
Figure 5.7.2.2.3.3-2
Transformation of symbolic names into file references
via a SFD.
Figure 5.7.2.2.3.3-3
Transformation of symbolic names into a file reference
via several levels of SFD. (Starting with file no.
2 in the BFD (which is an SFD) the name 'mysfd' can
be transformed into a reference to file no. 4, which
transforms the name 'myfile' into a reference to file
no. 0).
3) H̲o̲m̲e̲ ̲B̲l̲o̲c̲k̲
Each volume contains three special files:
- The Basic File Directory (BFD) which contains
a description of the files on the volume
- The Bit Map which contains information
on the allocation status of each sector
on the volume
- The Root Symbolic File Directory which
in principle is the starting point for
a search of a named file.
These files contain the information which makes
it possible to access the rest of the files
on the volume. Therefore, they should always
exist on the volume. Access to these files
can be gained through the Home Block (HB) of
the volume. Apart from the name of the volume
the HB contains the sector address of the description
of the BFD (which is actually contained in
the BFD).
The HB is the only information on the volume
which is not part of a file. Since the HB is
always stored on a known address on the volume
it can be used to bootstrap the entire file
structure.
Figure 5.7.2.2.3.3-4
The Home Block and the special files on a volume.
c) D̲i̲r̲e̲c̲t̲o̲r̲y̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
FMS includes commands to insert, search for, change
and delete names in directories:
GETROOT
Input: Volume name
Output: File descriptor
The function of this command is that a file descriptor
(reference) to the root directory file is returned.
ENTER
Input: File name
File description
A new entry is put into the SFD file referenced
by the file descriptor.
LOOK UP
Input: SFD file descriptor
File name
Output: File descriptor
The command searches through the SFD file and returns
a file descriptor corresponding to the file name.
UPDATE
Input: Volume name
The function is that the main memory resident volume
information is copied to the disk.
DESCENT
Input: SFD file descriptor
File name
Output: File descriptor
The result of the command is analogous to what
is achieved by a lookup command followed by a dismantle
command.
Figure 5.7.2.2.3.3-5
Descent (Fd1, myfile)(fd2) analogous to
Lookup (Fd1, myfile)(fd2) and Dismantle (fd1)
d) U̲s̲e̲r̲ ̲F̲i̲l̲e̲s̲
The above mentioned commands were specially meant
for use on directory files. The following commands
can be used as well on user files.
DESCENT (see previous chapter)
RENAME
Input: SFD file descriptor
Old file name
New file name
Changes the name of a file in the SFD file directory.
REMOVE
Input: SFD file descriptor
File name
Deletes the symbolic name of the file from the
SFD file.
5.7.2.2.3.4 D̲a̲t̲a̲ ̲T̲r̲a̲n̲s̲f̲e̲r̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
a) G̲e̲n̲e̲r̲a̲l̲ ̲C̲o̲n̲c̲e̲p̲t̲
The transfer commands are used to bring about the
actual transfer of data between external storage
media and the users data buffers.
b) D̲a̲t̲a̲ ̲T̲r̲a̲n̲s̲f̲e̲r̲ ̲M̲o̲d̲e̲s̲
1) D̲a̲t̲a̲ ̲B̲u̲f̲f̲e̲r̲ ̲t̲o̲ ̲S̲e̲c̲t̲o̲r̲s̲ ̲o̲r̲ ̲R̲e̲v̲e̲r̲s̲e̲
These transfer modes consider the external storage
media as volumes made up of sectors.
These modes are only available for privileged
system processes.
2) D̲a̲t̲a̲ ̲B̲u̲f̲f̲e̲r̲ ̲t̲o̲ ̲F̲i̲l̲e̲s̲ ̲o̲r̲ ̲R̲e̲v̲e̲r̲s̲e̲
This set of transfer commands is used to transfer
information between files and user data buffers.
Files are considered consisting of a sequence
of bytes.
c) T̲r̲a̲n̲s̲f̲e̲r̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
1) S̲e̲c̲t̲o̲r̲ ̲T̲r̲a̲n̲s̲f̲e̲r̲
The following two commands are only available
to privileged system processes.
Sectors can be transferred from external storage
media to the user by issuing the command:
READ SECTORS
Input: File descriptor
File address
Output: Sectors
The disk sector is left unchanged. Transferring
sectors from the user buffer to the external storage
media is achieved by the command:
WRITE SECTOR
Input: File descriptor
File address
Sectors
2) F̲i̲l̲e̲ ̲T̲r̲a̲n̲s̲f̲e̲r̲
By use of the following commands it is possible
to read and write any number of bytes at any
position in the file. Reading bytes is achieved
by:
READ BYTES
Input: File descriptor
File address
Output: Byte string
Changing the content of a file is achieved
by:
MODIFY BYTES
Input: File descriptor
File address
Byte string
Adding additional data to the trailing edge
of a file is achieved by:
APPEND BYTES
Input: File descriptor
File address
Byte string
5.7.2.2.3.5 E̲x̲a̲m̲p̲l̲e̲s̲ ̲i̲n̲ ̲F̲i̲l̲e̲ ̲M̲a̲n̲i̲p̲u̲l̲a̲t̲i̲o̲n̲s̲
a) F̲i̲l̲e̲ ̲C̲r̲e̲a̲t̲i̲o̲n̲
The create command allocates space for the file
and returns a file descriptor.
File name may be inserted in SFD for later reference,
by the enter command.
A look up command searches for a specified file
in SFD and returns the corresponding file descriptor
when file is found.
b) U̲s̲e̲ ̲o̲f̲ ̲F̲i̲l̲e̲s̲
A search for a user file with a specified file
name on a volume is carried out through the following
sequence of commands:
Getroot (vol. name)(fd1) command returns the file
descriptor fd1 for the root directory.
Descent (fd1,mycatl.)(fd2) returns a file descriptor
fd2 referencing the symbolic file directory mycatl.
Descent (fd2, myfile)(fd3) returns a file descriptor
fd3 referencing the actual user file.
After having used the transfer commands or after
having completed operations on the file a dismantle
command can be issued.
A dismantle command will have the effect that the
file will be inaccessible to the user. If it is
no longer accessible to anybody, it is deallocated
from the volume.
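The Getroot / Descent sequence above, run against the BFD and SFD layout of Figure 5.7.2.2.3.3-3, as an added Python sketch that is not part of the specification or of the FMS code. The BFD contents and all Python names are constructed, and the rule used for deallocation on Dismantle (no open descriptor and no symbolic name left) is an assumption about what "no longer accessible to anybody" means.

```python
# Added illustration, not FMS code. The BFD contents and all Python names are
# constructed; file numbers 2, 4 and 0 follow Figure 5.7.2.2.3.3-3.

class FMS:
    def __init__(self, volume_name, bfd, root_sfd):
        self.volume_name = volume_name
        self.bfd = bfd              # BFD: sequence number -> file entry
        self.root_sfd = root_sfd    # sequence number of the root SFD
        self.open_files = {}        # file descriptor -> BFD sequence number
        self._next_fd = 1

    def _open(self, seq):
        fd, self._next_fd = self._next_fd, self._next_fd + 1
        self.open_files[fd] = seq
        return fd

    def getroot(self, volume_name):
        if volume_name != self.volume_name:
            raise LookupError("volume is not mounted")
        return self._open(self.root_sfd)

    def _names(self, sfd_fd):
        entry = self.bfd[self.open_files[sfd_fd]]
        if entry["kind"] != "sfd":
            raise TypeError("descriptor does not reference an SFD")
        return entry["names"]       # symbolic name -> BFD sequence number

    def lookup(self, sfd_fd, name):
        return self._open(self._names(sfd_fd)[name])

    def dismantle(self, fd):
        seq = self.open_files.pop(fd)
        still_open = seq in self.open_files.values()
        named = any(seq in e["names"].values()
                    for e in self.bfd.values() if e["kind"] == "sfd")
        # Assumption: "no longer accessible to anybody" = no descriptor, no name.
        if not (still_open or named or seq == self.root_sfd):
            del self.bfd[seq]

    def descent(self, sfd_fd, name):
        fd = self.lookup(sfd_fd, name)   # Lookup ...
        self.dismantle(sfd_fd)           # ... followed by Dismantle
        return fd

    def remove(self, sfd_fd, name):
        del self._names(sfd_fd)[name]

def resolve(fms, volume_name, path):
    fd = fms.getroot(volume_name)
    for name in path:
        fd = fms.descent(fd, name)
    return fd

def constructed_bfd():
    return {
        0: {"kind": "data", "content": b"user file"},
        1: {"kind": "data", "content": b"another file"},
        2: {"kind": "sfd", "names": {"mysfd": 4, "file1": 1}},
        4: {"kind": "sfd", "names": {"myfile": 0}},
    }

def demo():
    fms = FMS("VOL1", constructed_bfd(), root_sfd=2)
    fd3 = resolve(fms, "VOL1", ["mysfd", "myfile"])
    target, open_count = fms.open_files[fd3], len(fms.open_files)
    fd_sfd = resolve(fms, "VOL1", ["mysfd"])
    fms.remove(fd_sfd, "myfile")         # name deleted while the file is open
    kept_while_open = 0 in fms.bfd
    fms.dismantle(fd3)                   # last reference gone: deallocated
    return target, open_count, kept_while_open, 0 in fms.bfd
```

Because each Descent dismantles the directory descriptor it came from, only the descriptor of the final file stays open after the walk.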
5.7.2.2.4 S̲e̲c̲u̲r̲i̲t̲y̲ ̲a̲n̲d̲ ̲A̲c̲c̲e̲s̲s̲ ̲C̲o̲n̲t̲r̲o̲l̲
a) U̲s̲e̲r̲ ̲a̲n̲d̲ ̲U̲s̲e̲r̲ ̲G̲r̲o̲u̲p̲s̲
A user is a process running under DAMOS. Users may
be collected into user groups, which are the basis
for access control. An active process in the system
is identified by a user-id consisting of:
- user group identification
- process identification
b) U̲s̲e̲r̲ ̲C̲o̲m̲m̲a̲n̲d̲s̲
A user must be known to FMS before he is able to
execute commands. This is done by the command:
USER ON
Input: User-id.
Classification
The classification consists of a security profile.
To exclude a user from being able to execute commands,
the following command can be used.
USER OFF
Input: User-id.
The user-on and user-off commands may only be executed
by the parent of the user.
GET FILE INFORMATION
Input: File descriptor
File information type
Output: File information
This command returns the file information described
in the file information type. The command can be
used during the security and access control.
c) A̲c̲c̲e̲s̲s̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲L̲i̲s̲t̲ ̲a̲n̲d̲ ̲C̲a̲p̲a̲b̲i̲l̲i̲t̲i̲e̲s̲
To each file on a volume there is connected an
Access Control List (ACL). The ACL for a file describes
the access rights of each user who is authorized
to use the file. By access rights are meant the
set of operations which a user may perform on a
file. When a file is initially created the creator
is given the rights to access the file any way
he might choose.
Each time a file is accessed by a user it must
be verified that the user has the rights to do
so. Instead of consulting the volume resident ACL,
there exists an internal data structure called
Capabilities which show the access rights of user
groups to files which have been opened. Therefore,
the access to files can be controlled without accessing
external storage.
d) S̲e̲c̲u̲r̲i̲t̲y̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲o̲n̲ ̲F̲i̲l̲e̲ ̲A̲c̲c̲e̲s̲s̲
Each file and user has a security profile, which
is set by CREATE and USERON commands respectively.
At file access the general DAMOS security check
of a process accessing an object is performed.
e) P̲r̲i̲v̲i̲l̲e̲g̲e̲d̲ ̲F̲u̲n̲c̲t̲i̲o̲n̲s̲
A privileged function related to FMS is the invoking
of certain commands by a system user.
f) P̲r̲o̲t̲e̲c̲t̲
The above listed commands exist in conjunction
with the previously described security and access
rights. In order to protect a file it is possible
to change the access rights, the content of the
ACL, for a specified file by the command:
PROTECT
Input: File descriptor
User group id
Rights
The access rights are specified as rights to call
the following functions:
Enter
Lookup
Rename
Remove
Reset
Protect
Offer
Read bytes
Modify bytes
Append bytes
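The interplay of USER ON, the volume-resident ACL, the memory-resident Capabilities and PROTECT, as an added Python sketch that is not part of the specification or of the FMS code. All names are constructed; keying the ACL by user group, and refreshing the capability of an already opened file when PROTECT changes its ACL, are assumptions. The security profile check is not modelled.

```python
# Added illustration, not FMS code. All names are constructed.
from enum import Flag

# The ten functions that PROTECT can grant, one bit each (values 1, 2, 4, ...).
Right = Flag("Right", "ENTER LOOKUP RENAME REMOVE RESET PROTECT OFFER "
                      "READ_BYTES MODIFY_BYTES APPEND_BYTES")
NONE = Right(0)
ALL_RIGHTS = NONE
for _right in Right:
    ALL_RIGHTS |= _right


class FMS:
    def __init__(self):
        self.users = set()          # user-ids (group, process) made known by USER ON
        self.acl = {}               # fd -> {group: Right}; stands for the ACL on the volume
        self.capabilities = {}      # (group, fd) -> Right; in memory, opened files only
        self.acl_reads = 0          # how often the volume-resident ACL was consulted

    def user_on(self, user_id):
        self.users.add(user_id)

    def user_off(self, user_id):
        self.users.discard(user_id)

    def _require_user(self, user_id):
        if user_id not in self.users:
            raise PermissionError("user is not known to FMS")

    def create(self, user_id, fd):
        self._require_user(user_id)
        group = user_id[0]
        self.acl[fd] = {group: ALL_RIGHTS}          # the creator gets every right
        self.capabilities[(group, fd)] = ALL_RIGHTS

    def open(self, user_id, fd):
        self._require_user(user_id)
        group = user_id[0]
        self.acl_reads += 1                         # the only ACL consultation
        rights = self.acl[fd].get(group, NONE)
        if not rights:
            raise PermissionError("no rights for this user group")
        self.capabilities[(group, fd)] = rights

    def permitted(self, user_id, fd, right):
        # Per-access check: capabilities only, no access to external storage.
        if user_id not in self.users:
            return False
        return right in self.capabilities.get((user_id[0], fd), NONE)

    def protect(self, user_id, fd, group, rights):
        if not self.permitted(user_id, fd, Right.PROTECT):
            raise PermissionError("PROTECT not granted")
        self.acl[fd][group] = rights
        if (group, fd) in self.capabilities:        # assumption: takes effect at once
            self.capabilities[(group, fd)] = rights


def demo():
    fms, ops, audit = FMS(), ("OPS", 1), ("AUDIT", 7)
    fms.user_on(ops)
    fms.user_on(audit)
    fms.create(ops, fd=3)
    fms.protect(ops, 3, "AUDIT", Right.READ_BYTES)
    fms.open(audit, 3)
    reads_before = fms.acl_reads
    results = [fms.permitted(audit, 3, Right.READ_BYTES),
               fms.permitted(audit, 3, Right.MODIFY_BYTES),
               fms.permitted(audit, 3, Right.PROTECT)]
    fms.protect(ops, 3, "AUDIT", NONE)              # rights withdrawn
    results.append(fms.permitted(audit, 3, Right.READ_BYTES))
    fms.user_off(ops)
    results.append(fms.permitted(ops, 3, Right.READ_BYTES))
    return results, fms.acl_reads - reads_before
```
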
5.7.2.2.5 R̲e̲c̲o̲v̲e̲r̲y̲
Permanent files can be recovered. Data appended to
a file since last UPDATE command may, however, be lost.
5.7.2.3 F̲M̲S̲ ̲C̲o̲n̲t̲r̲o̲l̲
5.7.2.3.1 P̲a̲r̲a̲m̲e̲t̲e̲r̲ ̲C̲o̲n̲t̲r̲o̲l̲
FMS is controlled by parameters defining sizing values
for the following resources:
a) Available sectors on each volume
b) Use of Disk Controller Memory
c) Memory- and disk-resident tables
5.7.2.3.2 I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
FMS is initialized by SSC.
5.7.2.3.3 E̲r̲r̲o̲r̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
FMS has internal error handling of the following types:
a) Retry disk operation a few times
b) Replace Bad Sectors by translation table on each
volume
c) Use the good one of a mirrored disk pair
Errors that cannot be resolved internally are either
reported back to callers or sent to SSC.
5.7.2.4 C̲h̲a̲r̲a̲c̲t̲e̲r̲i̲s̲t̲i̲c̲s̲
a) D̲i̲s̲k̲ ̲C̲a̲p̲a̲c̲i̲t̲y̲
The capacity of a formatted disk is about 80 per
cent of the nominal disk capacity.
5.7.2.5 D̲e̲s̲i̲g̲n̲ ̲a̲n̲d̲ ̲C̲o̲n̲s̲t̲r̲u̲c̲t̲i̲o̲n̲
Refer to section 2.5.
5.7.2.6 D̲o̲c̲u̲m̲e̲n̲t̲a̲t̲i̲o̲n̲
Refer to section 2.6.
5.7.3 E̲n̲v̲i̲r̲o̲n̲m̲e̲n̲t̲
5.7.3.1 S̲t̲a̲n̲d̲a̲r̲d̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲,̲ ̲F̲i̲r̲m̲w̲a̲r̲e̲,̲ ̲a̲n̲d̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
FMS executes completely within active and standby PU.
It makes use of Disk Controller memory for tables and
disk cache.
5.7.3.2 E̲x̲t̲e̲r̲n̲a̲l̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
Not applicable.
5.7.3.3 P̲a̲c̲k̲a̲g̲e̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲s̲
Not applicable.