NTFS and Inode

NTFS & INODE

This presentation was given at IIT, University of Dhaka by Md. Rayhanur Rahman and Amit Seal Ami as a part of class presentation on 6th November, 2010

FILE SYSTEM

File System Definition

A file system is a method of storing and organizing computer files on a secondary memory device

Mainly implemented on data storage such as HDD and Optical ROMs

Types Of File System

Disk file system

Flash file system

Tape file system

Database file system

Transactional file system

Network file system

Shared file system

File System in Different OS

For Windows: FAT, FAT32, FAT64, NTFS

For Mac OSX: HFS plus

For Linux: ext2, ext3, ext4, JFS, BTRFS

File System Layers

Application programs

Logical file system

File organization module

Basic file system

IO controller

Storage device

File System Overview

Boot Control Block

Volume Control Block

Directory Structure

File Control Block

NTFS

NTFS

New Technology File System, superseding FAT

Used in Windows NT, 2000, XP, Vista, 7, Server edition 2009, 2008, 2010, Mac OSX, Linux

Directory Content: B Tree

File allocation: Bitmap

File size: 1 KB to 16 EB

Maximum number of files: 2^32 - 1

NTFS General Concept

Every structure in NTFS is considered a file

Control information of the structures and volumes is stored in metadata files

Every file in an NTFS system is a collection of attributes

All files are stored in NTFS system by using clusters

NTFS Architecture

Architecture Components

HDD: Contains one or more partitions

Boot Sector: The bootable partition stores information about the volume layout and file system structures, and the boot code that loads Ntldr.

Master Boot Record: Contains executable code that the system BIOS loads into memory. The code scans the MBR to find the partition table and determine which partition is the active, or bootable, partition.

Architecture Components (Continued)

NTLDR.DLL: Switches CPU to protected mode, starts the file system, reads the contents of the Boot.ini file. This information determines the startup options and initial boot menu selections.

NTFS.SYS: system file driver for NTFS

NTOSKRNL.EXE: Extracts information about which system device drivers to load and the load order.

Kernel mode & User Mode

Clusters

Smallest amount of disk space allocated for holding a file

It contains a number of sectors that depends on the hard disk

Volume size: Cluster size

7 MB to 512 MB: 512 bytes

513 MB to 1024 MB: 1 KB

1025 MB to 2 GB: 2 KB

2 GB to 2 TB: 4 KB

NTFS Volume Component

NTFS boot sector

Master file table

File system data

Master file table copy

File area

Metadata

These are NTFS system files

Created when volume is created

It contains data about data

Metadata Files

MFT & MFT2

Log file

Volume descriptor

Attribute descriptor list

Root directory

Volume boot code

Cluster allocation bitmap

Bad cluster lists

Master File Table

Contains information about every file & folder in a volume

Starting point of the volume

It is something like a relational database table

When a file or folder is created, an entry is made in MFT containing its attributes list

NTFS Directories

Considered as a file. When created, its entry is added to the MFT. It contains:

Header

Standard information attribute

File name attribute

Index root attribute

Index allocation attribute

Security descriptor attribute

NTFS Files

A file is a collection of any kind of data. In NTFS, it is implemented by combining various attributes. They are:

Header

Standard information attributes

File name attributes

Data attributes

Security descriptor attributes

Some Key NTFS Features

NTFS Log

USN Journals

Hard links

Sparse files

File compression

Volume shadow copy

Transactional NTFS

Encrypting file system

Volume mount points

Directory junctions

Symbolic links

General NTFS Security Concept

Security is based on users / user groups

NTFS objects are protected by various NTFS permissions

Permission records are kept in ACL

All security and permission issues are managed by NTFS auditor

Access Control List

Stored in MFT's security descriptor attribute

It is of two types: SACL & DACL

An ACL contains ACEs, where the permissions are stored

Standard Permissions & Permissions Groups

Permissions: Read(R), Write(W), Delete(D), Execute(X), Change Permissions(P), Take Ownership(O)

Permission groups: No Access, List(R+X), Read(R+X), Add(W+X), Add & Read(R+W+X), Change(R+W+X+D), Full Control

The user who creates a file has full control

Permission Inheritance

Static Permission Inheritance

Dynamic Permission Inheritance

Permission Resolution & Auditing

When access is requested for an object, its ACEs are looked up to resolve the permission for that object

NTFS auditor keeps track of all system events & stores them in log file
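The ACE lookup described above, as an added example that is not part of the original presentation: a simplified Python model of how a DACL is walked in order, which goes beyond the slide to show why deny ACEs are placed before allow ACEs. The rights letters and permission groups are the slide's; the users, groups, ACL contents and function names are constructed for illustration, and this is not Windows' own code.

```python
from dataclasses import dataclass

# Rights use the slide's letters: R, W, D, X, P, O.
GROUPS = {                       # permission groups as listed on the slide
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWDXPO"),
}

@dataclass(frozen=True)
class ACE:
    kind: str                    # "allow" or "deny"
    trustee: str                 # user or group name (constructed)
    rights: frozenset

def access_check(dacl, principals, requested):
    """Walk the ACEs in order; grant only if every requested right is allowed."""
    if dacl is None:             # object has no DACL: nothing restricts access
        return True
    remaining = set(requested)
    for ace in dacl:
        if ace.trustee not in principals:
            continue             # ACE is for someone else
        if ace.kind == "deny":
            if remaining & ace.rights:
                return False     # deny hit on a right that is still needed
        else:
            remaining -= ace.rights
            if not remaining:
                return True      # everything requested has been allowed
    return False                 # empty DACL, or rights never granted

def canonical(dacl):
    """Put deny ACEs ahead of allow ACEs, keeping their relative order."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

# Constructed sample: alice is in Staff and Contractors.
ALICE = {"alice", "Staff", "Contractors"}
MISORDERED = [
    ACE("allow", "Staff", GROUPS["Change"]),
    ACE("deny", "Contractors", frozenset("W")),
]

if __name__ == "__main__":
    print("misordered:", access_check(MISORDERED, ALICE, "W"))
    print("canonical: ", access_check(canonical(MISORDERED), ALICE, "W"))
```

With the misordered list the allow ACE is reached first and the deny never takes effect, which is the condition to look for when auditing ACLs written by tools that do not sort their entries.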

INODE

A Look At UFS

Used in Unix and Unix-like OSes

Also called Berkeley Fast File System or FFS or BSD (Berkeley Software Distribution) Fast File System

Internal Structure: UFS Volume - Top Down Approach

Boot Block | Super Block | Inode List | Data Block

Super Block Contents

Size of the file system

Number of free blocks on the system

A list of free blocks

Index to next free block on the list

Size of the inode list

Super Block Contents (continued)

Number of free inodes

A list of free inodes

Index to next free inode on the list

Lock fields for free block and free inode lists

Flag to indicate modification of super block

Free Inode List vs Inode List

[Figure: inode list with entries 1 to 10, and free inode list with entries 2, 3, 5, 7]

Inode

An inode is a data structure on a traditional Unix-style file system such as UFS. An inode stores basic information about a regular file, directory, or other file system object.

How Inode Is Used

Inodes do not contain file names, only file metadata.

Unix directories are lists of "link" structures, each of which contains one filename and one inode number.

The kernel must search a directory looking for a particular filename and then convert the filename to the correct corresponding inode number.
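The name-to-inode relationship described above, as an added example that is not part of the original presentation: a Python function that gives one file two directory entries, removes one, and reports what the inode itself records. The file names and contents are constructed; it assumes a POSIX file system that supports hard links.

```python
import os
import stat
import tempfile

def inode_demo():
    """Give one file two names, remove one, and report what the inode recorded."""
    with tempfile.TemporaryDirectory() as d:
        first = os.path.join(d, "report.txt")      # constructed file names
        second = os.path.join(d, "alias.txt")
        with open(first, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(first, 0o640)
        os.link(first, second)                     # second name, same inode
        a, b = os.stat(first), os.stat(second)
        # A directory entry is only a (filename, inode number) pair.
        entries = {e.name: e.inode() for e in os.scandir(d)}
        os.unlink(first)                           # drops a name, not the inode
        after = os.stat(second)
        with open(second) as f:
            survived = f.read()
        return {
            "entries": entries,
            "same_inode": a.st_ino == b.st_ino,
            "mode": stat.filemode(b.st_mode),      # permissions live in the inode
            "owner": (b.st_uid, b.st_gid),
            "size": b.st_size,
            "links_before": a.st_nlink,
            "links_after": after.st_nlink,
            "survived": survived,
        }

if __name__ == "__main__":
    for key, value in inode_demo().items():
        print(f"{key}: {value!r}")
```

Because mode, owner and timestamps sit in the inode, a permission change made through one name applies to every other name, and removing a name leaves the data reachable until the link count drops to zero.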

Operations Related to Inode

Two cases:

A file is created

A file is removed

When a file is created:

Kernel Searches the free inode list.

If a free inode is found, it is assigned to file.

If not found, it searches the inode list for free inodes.

When a file is removed:

Inode is removed as well. Possible scenarios:

Free inode list in super block is empty

Free inode list in super block is not empty

Remembered inode number > freed inode

Remembered inode number < freed inode

What if:

Two processes try to get the same inode?

When a process works with an inode, it is locked by the lock flag.

Inode Structure

Contains two types of data:

Information about file

Pointers to file.

Information about file:

Mode (file permissions and type)

Link Count

Owner's GID

Owner's UID

File Size (Bytes)

Time of last access

Time of last modification

Time inode was last changed

Pointers to Data block

Total pointers: 15

12 direct pointers to data blocks

Each data block is of 8 KB

Without indirect pointers, it can represent 76KB data blocks.

3 indirect pointers

First indirect pointer (16MB)

Double indirect pointer (32GB)

Third indirect pointer (up to 70TB)

Indirect Pointers

One singly indirect pointer (a pointer that points to a block of pointers that then point to blocks of the file's data) - 2048KB

One doubly indirect pointer (a pointer that points to a block of pointers that point to other blocks of pointers that then point to blocks of the file's data)

One triply indirect pointer (a pointer that points to a block of pointers that point to other blocks of pointers that point to other blocks of pointers that then point to blocks of the file's data)
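The pointer scheme described above, as an added example that is not part of the original presentation: a Python function that maps a byte offset in a file to the pointer that reaches it and the index followed at each level of indirection. The 8 KB block size and the 12 direct pointers are the slide's; the 4-byte pointer size is an assumption (it puts 2048 pointers in a block, matching the slide's 16MB and 32GB figures), and the function names are hypothetical.

```python
BLOCK = 8 * 1024            # data block size from the slide
NDIRECT = 12                # direct pointers from the slide
PTR = 4                     # assumed size of one block pointer, in bytes
PER_BLOCK = BLOCK // PTR    # 2048 pointers fit in one indirect block

def level_capacity(level):
    """Bytes reachable through one pointer of indirection level 1, 2 or 3."""
    return PER_BLOCK ** level * BLOCK

def locate(offset):
    """Map a byte offset to (pointer kind, index path, offset inside the block)."""
    if offset < 0:
        raise ValueError("negative offset")
    lbn, within = divmod(offset, BLOCK)       # logical block number in the file
    if lbn < NDIRECT:
        return ("direct", [lbn], within)
    lbn -= NDIRECT
    for level, kind in enumerate(("single", "double", "triple"), start=1):
        span = PER_BLOCK ** level             # data blocks under this pointer
        if lbn < span:
            path = []
            # Peel off one index per indirect block, outermost first.
            for depth in range(level - 1, -1, -1):
                idx, lbn = divmod(lbn, PER_BLOCK ** depth)
                path.append(idx)
            return (kind, path, within)
        lbn -= span
    raise ValueError("offset beyond what the 15 pointers can address")

if __name__ == "__main__":
    for off in (0, 12 * BLOCK, (12 + 2048 + 2048 * 3 + 7) * BLOCK + 5):
        print(off, locate(off))
```

The index path is what a recovery or forensic tool follows by hand: each number selects one slot in the next indirect block until a data block is reached.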
