.ifi init_plm "FS-00" .srv draft "" .srv draft_date "" .srv section "%Arg1%" .pdl 66 .ifi l0h "Glossary" .inl 5 .unl +5 ACL .brf access control list .unl +5 AIM .brf access isolation mechanism .unl +5 AIM privilege .brf a flag, recorded in pds$access_authorization, that allows the process to defeat AIM requirements with respect to a particular subsystem. The AIM privileges that relate to the file system are seg and dir privilege. .unl +5 IACL .brf initial access control list .unl +5 ISOT .brf internal static offset table .unl +5 KST .brf known segment table .unl +5 KST garbage collection .brf the process by which directories that are no longer needed are cleaned out of the address space .unl +5 LOT .brf linkage offset table .unl +5 MSF component indicator .brf the normal value that is assigned to the bit count for a directory .unl +5 PAM .brf pathname associative memory .unl +5 RNT .brf reference name table .unl +5 SDW .brf segment descriptor word .unl +5 UID .brf unique identifier .unl +5 access control list (ACL) .brf a list of user id/access mode pairs specifying the access that particular user groups have to a branch. The ACL is Multics specification of discretionary access control. .unl +5 access control .brf the process of limiting the operations a user may perform on an object according to a set of rules .unl +5 access isolation mechanism (AIM) .brf the Multics specification of nondiscretionary control. AIM associates with each user an authorization (level and series of categories) and with each object an access class. The relationship between the user's authorization and the object's access class determines the user's allowed operations upon the object. .unl +5 access modes .brf the set of flags indicating what operations a user is allowed to perform on an object (such as read, write, execute) .unl +5 activation .brf the process of obtaining a page table for a segment, thereby allowing the paging of pages of the segment. A segment must be active to be connected to a process; refer to connection. .unl +5 address and name space management .brf that portion of the Multics supervisor which governs the introduction of segments and directories into the address space, the removal there from, and keeping track of the association between pathnames and segment numbers; also that portion which maintains the reference name table .unl +5 address space .brf the set of segments that can be addressed by the Multics hardware at any given time .unl +5 attribute property .brf a property of an entry for which the user may have access to either the entry or the parent of the entry to operate upon the property .unl +5 audit .brf to record an event in the security log. The term audit is used in this manual to refer to the decision to generate an audit message associated with a particular event; the audit message may or may not be added to the security log depending on the audit flags for the user. .unl +5 authorization access modes .brf the access modes a user has to an object factoring in ACL and AIM .unl +5 branch .brf a directory entry for a directory or a segment; also used to refer to the directory or segment so described .unl +5 connection .brf the process of making the SDW for the process for a given segment valid. After a segment is connected to a process, the process may reference the segment, via the hardware. The process of connecting to a segment may also require making the segment active; any connected segment must be active, but a segment that is active need not be connected to those processes whose address spaces contain it. .unl +5 contents property .brf a property of an entry for which the access requirement is specific access to the entry .unl +5 dc_find .brf the master module within directory control that locates directories and directory entries, enforces the system's security policy and audits the granting of access and attempted access violations .unl +5 dir_lock_seg .brf the data structure that records the complete set of directories locked by all processes .unl +5 directory .brf a data structure, implemented as a segment, that contains entries describing segments, directories, links, as well as access control lists and other describing information .unl +5 directory compactor .brf a function of the directory salvager that can recover unused space within a directory .unl +5 directory salvager .brf a system program that examines directories for correctness, and recovers and corrects directory entries .unl +5 directory write behind .brf a function (requested via the dirw parameter) that causes a force write of a directory when it is unlocked after having been locked for writing .unl +5 dirw .brf directory write behind .unl +5 dtbm .brf date-time branch modified (see also dtem) .unl +5 dtem .brf date-time entry modified .unl +5 effective access modes .brf the access modes a user has to an object factoring in ACL, AIM and rings .unl +5 entry .brf in this manual, refers to an entry in a directory that describes a branch or a link .unl +5 file system object .brf a branch or a link; that is, anything described by a directory entry .unl +5 initial access control list (IACL) .brf two per ring ACLs associated with a directory, one for segments and one for directories. Objects created of the corresponding type are automatically given this ACL, along with any user supplied ACL terms. .unl +5 initiation .brf the request on behalf of a user to associate a segment number in the address space with a pathname .unl +5 known segment table (KST) .brf the table that provides the mapping between the segment numbers within a process' address space and the segment's location in the file system hierarchy .unl +5 link .brf a directory entry that contains a pathname of another directory or directory entry .unl +5 link chasing .brf the process of encountering a link when searching for an entry, using the target pathname of that link to find a new entry, encountering another link in that process, using that link target to find yet another entry, etc. .unl +5 making known .brf the process of associating a KST entry with a segment in the file system hierarchy .unl +5 making unknown .brf the process of disassociating a KST entry with a segment in the file system hierarchy .unl +5 name lookup policy .brf the security policy that prevents the user from knowing the existence of an object if the user does not have sufficient access to perform any operation at all upon the object .unl +5 name space .brf the set of names associated with each segment in a process' address space .unl +5 pathname associative memory (PAM) .brf an associative memory that maps segment numbers for directories into their pathnames .unl +5 property .brf a piece of information associated with an entry; see status, contents and attributes property .unl +5 pseudo directory .brf a fabricated directory header, with a UID inserted so as to allow locking a directory whose existence or location in the hierarchy is unknown .unl +5 raw access modes .brf the access modes a user has to an object factoring in only the ACL .unl +5 reference name table (RNT) .brf a per ring table providing a set of names to be associated with each segment in the address space for use by the initiated segments dynamic linker search rule .unl +5 ring brackets .brf a set of ring numbers associated with a segment used to limit the set of rings within which a specific type of access may be performed upon the segment .unl +5 root .brf the directory in the Multics directory hierarchy under which all other directories are to some level subordinate .unl +5 segment .brf the smallest collection of machine addressable words over which the Multics hardware allows access control. A segment is an identifiable part of an address space. In normal user manuals, segment refers only to those segments that user processes may read, write or execute. In this manual, segment refers to both segments and directories (which are implemented as segments), unless otherwise noted. .unl +5 segment descriptor word (SDW) .brf a hardware known per segment control word that provides the hardware address for the segment, as well as the hardware enforced access control information .unl +5 setfaults .brf a function of segment control that revokes all process' access to a segment, called when a process potentially changes processes' access to the segment .unl +5 status property .brf a property of an entry for which the user needs to have specific access to the parent of the entry to perform the operation .unl +5 termination .brf the user request to disassociate a segment number with a pathname .unl +5 unique identifier .brf a unique 36 bit value assigned to each file system object at its creation .unl +5 usage count .brf a per ring count of the number of outstanding initiations of the corresponding segment, used to protect segments from being made unknown .inl -5 .brp ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved