PageRenderTime 10ms CodeModel.GetById 2ms app.highlight 3ms RepoModel.GetById 2ms app.codeStats 0ms

/share/doc/psd/01.cacm/p1

https://bitbucket.org/freebsd/freebsd-head/
#! | 567 lines | 567 code | 0 blank | 0 comment | 0 complexity | 7c685e2d2e5a2e35437df48ec73fa30f MD5 | raw file
  1.\" This module is believed to contain source code proprietary to AT&T.
  2.\" Use and redistribution is subject to the Berkeley Software License
  3.\" Agreement and your Software Agreement with AT&T (Western Electric).
  4.\"
  5.\"	@(#)p1	8.1 (Berkeley) 6/8/93
  6.\"
  7.\" $FreeBSD$
  8.OH 'The UNIX Time-Sharing System''PSD:1-%'
  9.EH 'PSD:1-%''The UNIX Time-Sharing System'
 10.ds n \s+2
 11.hw above-mentioned
 12.ds s \s-2
 13.ds m \v'-.3'.\v'.3'
 14.TL
 15The UNIX
 16Time-Sharing System\f1\s10\v'-.2n'*\v'.2n'\s0\fP
 17.AU
 18D. M. Ritchie and K. Thompson
 19.AB
 20.FS
 21* Copyright 1974,
 22Association for Computing Machinery, Inc.,
 23reprinted by permission.
 24This is a revised version of an article
 25that appeared in Communications of the \*sACM\*n,
 26.IT 17 ,
 27No. 7 (July 1974), pp. 365-375.
 28That article was a
 29revised version of a paper presented
 30at the Fourth \*sACM\*n Symposium on Operating
 31Systems Principles,
 32\*sIBM\*n Thomas J. Watson Research Center,
 33Yorktown Heights,
 34New York,
 35October 15-17, 1973.
 36.FE
 37.UX
 38is a general-purpose, multi-user, interactive
 39operating system for the larger Digital Equipment Corporation
 40\*sPDP\*n-11 and
 41the Interdata 8/32 computers.
 42It offers a number of features
 43seldom found even in larger operating
 44systems, including
 45.IP i
 46A hierarchical file system incorporating
 47demountable volumes,
 48.IP ii
 49Compatible file, device, and inter-process I/O,
 50.IP iii
 51The ability to initiate asynchronous processes,
 52.IP iv
 53System command language selectable on a per-user basis,
 54.IP v
 55Over 100 subsystems including a dozen languages,
 56.IP vi
 57High degree of portability.
 58.LP
 59This paper discusses the nature
 60and implementation of the file system
 61and of the user command interface.
 62.AE
 63.NH
 64INTRODUCTION
 65.PP
 66There have been four versions of
 67the
 68.UX
 69time-sharing system.
 70.hy 12
 71The earliest (circa 1969-70) ran on
 72the Digital Equipment Corporation \*sPDP\*n-7 and -9 computers.
 73The second version ran on the unprotected
 74\*sPDP\*n-11/20 computer.
 75The third incorporated multiprogramming and ran
 76on the \*sPDP\*n-11/34, /40, /45, /60, and /70 computers;
 77it is the one described in the previously published version
 78of this paper, and is also the most widely used today.
 79.hy 14
 80This paper describes only the
 81fourth, current
 82system that runs on the \*sPDP\*n-11/70 and the
 83Interdata 8/32 computers.
 84In fact, the differences among the various systems is
 85rather small;
 86most of the revisions made to the originally published version of this
 87paper,
 88aside from those concerned with style,
 89had to do with details of the implementation of the file system.
 90.PP
 91Since
 92\*sPDP\*n-11
 93.UX
 94became operational
 95in February, 1971,
 96over 600 installations have been put into service.
 97Most of them are engaged in applications such as
 98computer science education,
 99the preparation and formatting of documents
100and other textual material,
101the collection and processing of trouble data
102from various switching machines within the Bell System,
103and recording and checking telephone service
104orders.
105Our own installation is used mainly for research
106in operating systems, languages,
107computer networks,
108and other topics in computer science, and also for
109document preparation.
110.PP
111Perhaps the most important achievement of
112.UX
113is to demonstrate
114that
115a powerful operating system for interactive use
116need not be expensive either in equipment or in human
117effort:
118it
119can run on hardware costing as little as $40,000, and
120less than two man-years were spent on the main system
121software.
122We hope, however, that users find
123that the
124most important characteristics of the system
125are its simplicity, elegance, and ease of use.
126.PP
127Besides the operating system proper, some major programs
128available under
129.UX
130are
131.DS
132.nf
133C compiler
134Text editor based on \*sQED\*n
135.[
136qed lampson
137.]
138Assembler, linking loader, symbolic debugger
139Phototypesetting and equation setting programs
140.[
141cherry kernighan typesetting mathematics cacm
142.]
143.[
144kernighan lesk ossanna document preparation bstj
145%Q This issue
146.]
147.fi
148.in +3n
149.ll -5n
150.ti -3n
151Dozens of languages including
152Fortran 77, Basic, Snobol, \*sAPL\*n, Algol 68, M6, \*sTMG\*n, Pascal
153.in
154.ll
155.DE
156There is a host of maintenance, utility, recreation and novelty programs,
157all written locally.
158The
159.UX
160user community, which numbers in the thousands,
161has contributed many more programs and languages.
162It is worth noting that the system is totally self-supporting.
163All
164.UX
165software is maintained on
166the
167system;
168likewise, this paper and all other
169documents
170in this issue
171were generated and formatted by the
172.UX
173editor and text formatting
174programs.
175.SH
176II. HARDWARE AND SOFTWARE ENVIRONMENT
177.PP
178The \*sPDP\*n-11/70 on which the Research
179.UX
180system is installed is a 16-bit
181word (8-bit byte) computer with 768K bytes of core memory;
182the system kernel
183occupies 90K bytes
184about equally divided between code
185and data tables.
186This system, however, includes a very large number of
187device drivers
188and enjoys a generous allotment
189of space for I/O buffers and system tables;
190a minimal system capable of running the software
191mentioned above can
192require as little as 96K bytes
193of core altogether.
194There are even larger installations;
195see the description of the
196\*sPWB/UNIX\*n systems,
197.[
198dolotta mashey workbench software engineering
199.]
200.[
201dolotta haight mashey workbench bstj
202%Q This issue
203.]
204for example.
205There are also much smaller, though somewhat restricted,
206versions of the system.
207.[
208lycklama microprocessor bstj
209%Q This issue
210.]
211.PP
212Our own \*sPDP\*n-11 has two
213200-Mb moving-head disks
214for file system storage and swapping.
215There are 20 variable-speed
216communications interfaces
217attached to 300- and 1200-baud data sets,
218and an additional 12 communication lines
219hard-wired to 9600-baud terminals and
220satellite computers.
221There are also several 2400- and 4800-baud
222synchronous communication interfaces
223used for machine-to-machine file transfer.
224Finally, there is a variety
225of miscellaneous
226devices including
227nine-track magnetic tape,
228a line printer,
229a voice synthesizer,
230a phototypesetter,
231a digital switching network,
232and a chess machine.
233.PP
234The preponderance of
235.UX
236software is written in the
237abovementioned C language.
238.[
239c programming language kernighan ritchie prentice-hall
240.]
241Early versions of the operating system were written in assembly language,
242but during the summer of 1973, it was rewritten in C.
243The size of the new system was about one-third greater
244than that of the old.
245Since the new system not only became much easier to
246understand and to modify but also
247included
248many functional improvements,
249including multiprogramming and the ability to
250share reentrant code among several user programs,
251we consider this increase in size quite acceptable.
252.SH
253III. THE FILE SYSTEM
254.PP
255The most important role of
256the system
257is to provide
258a file system.
259From the point of view of the user, there
260are three kinds of files: ordinary disk files,
261directories, and special files.
262.SH
2633.1 Ordinary files
264.PP
265A file
266contains whatever information the user places on it,
267for example, symbolic or binary
268(object) programs.
269No particular structuring is expected by the system.
270A file of text consists simply of a string
271of characters, with lines demarcated by the newline character.
272Binary programs are sequences of words as
273they will appear in core memory when the program
274starts executing.
275A few user programs manipulate files with more
276structure;
277for example, the assembler generates, and the loader
278expects, an object file in a particular format.
279However,
280the structure of files is controlled by
281the programs that use them, not by the system.
282.SH
2833.2 Directories
284.PP
285Directories provide
286the mapping between the names of files
287and the files themselves, and thus
288induce a structure on the file system as a whole.
289Each user has a directory of his own files;
290he may also create subdirectories to contain
291groups of files conveniently treated together.
292A directory behaves exactly like an ordinary file except that it
293cannot be written on by unprivileged programs, so that the system
294controls the contents of directories.
295However, anyone with
296appropriate permission may read a directory just like any other file.
297.PP
298The system maintains several directories
299for its own use.
300One of these is the
301.UL root
302directory.
303All files in the system can be found by tracing
304a path through a chain of directories
305until the desired file is reached.
306The starting point for such searches is often the
307.UL root .
308Other system directories contain all the programs provided
309for general use; that is, all the
310.IT commands .
311As will be seen, however, it is by no means necessary
312that a program reside in one of these directories for it
313to be executed.
314.PP
315Files are named by sequences of 14 or
316fewer characters.
317When the name of a file is specified to the
318system, it may be in the form of a
319.IT path
320.IT name ,
321which
322is a sequence of directory names separated by slashes, ``/\^'',
323and ending in a file name.
324If the sequence begins with a slash, the search begins in the
325root directory.
326The name
327.UL /alpha/beta/gamma
328causes the system to search
329the root for directory
330.UL alpha ,
331then to search
332.UL alpha
333for
334.UL beta ,
335finally to find
336.UL gamma
337in
338.UL beta .
339.UL \&gamma
340may be an ordinary file, a directory, or a special
341file.
342As a limiting case, the name ``/\^'' refers to the root itself.
343.PP
344A path name not starting with ``/\^'' causes the system to begin the
345search in the user's current directory.
346Thus, the name
347.UL alpha/beta
348specifies the file named
349.UL beta
350in
351subdirectory
352.UL alpha
353of the current
354directory.
355The simplest kind of name, for example,
356.UL alpha ,
357refers to a file that itself is found in the current
358directory.
359As another limiting case, the null file name refers
360to the current directory.
361.PP
362The same non-directory file may appear in several directories under
363possibly different names.
364This feature is called
365.IT linking ;
366a directory entry for a file is sometimes called a link.
367The
368.UX
369system
370differs from other systems in which linking is permitted
371in that all links to a file have equal status.
372That is, a file does not exist within a particular directory;
373the directory entry for a file consists merely
374of its name and a pointer to the information actually
375describing the file.
376Thus a file exists independently of any
377directory entry, although in practice a file is made to
378disappear along with the last link to it.
379.PP
380Each directory always has at least two entries.
381The name
382``\|\fB.\|\fP'' in each directory refers to the directory itself.
383Thus a program
384may read the current directory under the name ``\fB\|.\|\fP'' without knowing
385its complete path name.
386The name ``\fB\|.\|.\|\fP'' by convention refers to the parent of the
387directory in which it appears, that is, to the directory in which
388it was created.
389.PP
390The directory structure is constrained to have the form
391of a rooted tree.
392Except for the special entries ``\|\fB\|.\|\fP'' and ``\fB\|.\|.\|\fP'', each directory
393must appear as an entry in exactly one other directory, which is its
394parent.
395The reason for this is to simplify the writing of programs
396that visit subtrees of the directory structure, and more
397important, to avoid the separation of portions of the hierarchy.
398If arbitrary links to directories were permitted, it would
399be quite difficult to detect when the last connection from
400the root to a directory was severed.
401.SH
4023.3 Special files
403.PP
404Special files constitute the most unusual feature of the
405.UX
406file system.
407Each supported I/O device
408is associated with at least one such file.
409Special files are read and written just like ordinary
410disk files, but requests to read or write result in activation of the associated
411device.
412An entry for each special file resides in directory
413.UL /dev ,
414although a link may be made to one of these files
415just as it may to an ordinary file.
416Thus, for example,
417to write on a magnetic tape
418one may write on the file
419.UL /dev/mt .
420Special files exist for each communication line, each disk,
421each tape drive,
422and for physical main memory.
423Of course,
424the active disks
425and the memory special file are protected from
426indiscriminate access.
427.PP
428There is a threefold advantage in treating
429I/O devices this way:
430file and device I/O
431are as similar as possible;
432file and device names have the same
433syntax and meaning, so that
434a program expecting a file name
435as a parameter can be passed a device
436name; finally,
437special files are subject to the same
438protection mechanism as regular files.
439.SH
4403.4 Removable file systems
441.PP
442Although the root of the file system is always stored on the same
443device,
444it is not necessary that the entire file system hierarchy
445reside on this device.
446There is a
447.UL mount
448system request with two arguments:
449the name of an existing ordinary file, and the name of a special
450file whose associated
451storage volume (e.g., a disk pack) should have the structure
452of an independent file system
453containing its own directory hierarchy.
454The effect of
455.UL mount
456is to cause
457references to the heretofore ordinary file
458to refer instead to the root directory
459of the file system on the removable volume.
460In effect,
461.UL mount
462replaces a leaf of the hierarchy tree (the ordinary file)
463by a whole new subtree (the hierarchy stored on the
464removable volume).
465After the
466.UL mount ,
467there is virtually no distinction
468between files on the removable volume and those in the
469permanent file system.
470In our installation, for example,
471the root directory resides
472on a small partition of one of
473our disk drives,
474while the other drive,
475which contains the user's files,
476is mounted by the system initialization
477sequence.
478A mountable file system is generated by
479writing on its corresponding special file.
480A utility program is available to create
481an empty file system,
482or one may simply copy an existing file system.
483.PP
484There is only one exception to the rule of identical
485treatment of files on different devices:
486no link may exist between one file system hierarchy and
487another.
488This restriction is enforced so as to avoid
489the elaborate bookkeeping
490that would otherwise be required to assure removal of the links
491whenever the removable volume is dismounted.
492.SH
4933.5 Protection
494.PP
495Although the access control scheme
496is quite simple, it has some unusual features.
497Each user of the system is assigned a unique
498user identification number.
499When a file is created, it is marked with
500the user \*sID\*n of its owner.
501Also given for new files
502is a set of ten protection bits.
503Nine of these specify
504independently read, write, and execute permission
505for the
506owner of the file,
507for other members of his group,
508and for all remaining users.
509.PP
510If the tenth bit is on, the system
511will temporarily change the user identification
512(hereafter, user \*sID\*n)
513of the current user to that of the creator of the file whenever
514the file is executed as a program.
515This change in user \*sID\*n is effective only
516during the execution of the program that calls for it.
517The set-user-\*sID\*n feature provides
518for privileged programs that may use files
519inaccessible to other users.
520For example, a program may keep an accounting file
521that should neither be read nor changed
522except by the program itself.
523If the set-user-\*sID\*n bit is on for the
524program, it may access the file although
525this access might be forbidden to other programs
526invoked by the given program's user.
527Since the actual user \*sID\*n
528of the invoker of any program
529is always available,
530set-user-\*sID\*n programs
531may take any measures desired to satisfy themselves
532as to their invoker's credentials.
533This mechanism is used to allow users to execute
534the carefully written
535commands
536that call privileged system entries.
537For example, there is a system entry
538invokable only by the ``super-user'' (below)
539that creates
540an empty directory.
541As indicated above, directories are expected to
542have entries for ``\fB\|.\|\fP'' and ``\fB\|.\|.\|\fP''.
543The command which creates a directory
544is owned by the super-user
545and has the set-user-\*sID\*n bit set.
546After it checks its invoker's authorization to
547create the specified directory,
548it creates it and makes the entries
549for ``\fB\|.\|\fP'' and ``\fB\|.\|.\|\fP''.
550.PP
551Because anyone may set the set-user-\*sID\*n
552bit on one of his own files,
553this mechanism is generally
554available without administrative intervention.
555For example,
556this protection scheme easily solves the \*sMOO\*n
557accounting problem posed by ``Aleph-null.''
558.[
559aleph null software practice
560.]
561.PP
562The system recognizes one particular user \*sID\*n (that of the ``super-user'') as
563exempt from the usual constraints on file access; thus (for example),
564programs may be written to dump and reload the file
565system without
566unwanted interference from the protection
567system.