Files-11


Files-11, also known as on-disk structure, is the file system used by Digital Equipment Corporation OpenVMS operating system, and also by the older RSX-11. It is a hierarchical file system, with support for access control lists, record-oriented I/O, remote network access, and file versioning.
Files-11 is similar to, but significantly more advanced than, the file systems used in previous Digital Equipment Corporation operating systems such as TOPS-20 and RSTS/E.

History

The native OpenVMS file system is descended from older DEC operating systems and is similar in many ways, both having been designed by Dave Cutler. A major difference is the layout of directories. These file systems all provided some form of rudimentary non-hierarchical directory structure, typically based on assigning one directory per user account. Under RSTS/E, each user account was represented by two numbers, a pair, and had one associated directory. Special system files, such as program executables and the OS itself, were stored in the directory of a reserved system account.
While this was suitable for PDP-11 systems, which possessed limited permanent storage capacity, VAX systems with much larger hard drives required a more flexible method of file storage: hierarchical directory layout in particular, the most notable improvement in ODS-2.

Overview

"Files-11" is the general term for five separate file systems, known as on-disk structure levels 1 through 5.
ODS-1 is the flat file system used by the RSX-11 OS, supported by older VMS systems for RSX compatibility, but never used to support VMS itself; it has been largely superseded by ODS-2 and ODS-5.
ODS-2 is the standard VMS file system, and remains the most common file system for system disks.
Although seldom referred to by their ODS level designations, ODS-3 and ODS-4 are the Files-11 support for the CD-ROM ISO 9660 and High Sierra Format file systems, respectively.
ODS-5 is an extended version of ODS-2 available on Alpha and IA-64 platforms which adds support for case-preserving filenames with non-ASCII characters and improvements to the hierarchical directory support. It was originally intended for file serving to Microsoft Windows or other non-VMS systems as part of the "NT affinity" project, but is also used on user disks and Internet servers.

Directory layout

All files and directories in a Files-11 file system are contained inside one or more parent directories, and eventually under the root directory, the master file directory. The file system is therefore organised in a directed acyclic graph structure.
In this example, File 2 has a directory entry under both Dir 2 and Dir 3; it is "in" both directories simultaneously. Even if removed from one, it would still exist in the other directory until removed from there also. This is similar to the concept of hard links in UNIX, although care must be taken that the file is not actually deleted on disks that are not set up for hard links.

Disk organization and naming

An operational VMS system has access to one or more online disks, each of which contains a complete, independent file system. These are either local storage or, in the case of a cluster, storage shared with remote systems.
In an OpenVMS cluster configuration, non-private disks are shared between all nodes in the cluster . In this configuration, the two system disks are accessible to both nodes via the network, but the private disk is not shared: it is mounted for use only by a particular user or process on that machine. Access to files across a cluster is managed by the OpenVMS Distributed Lock Manager, an integral part of the file system.
Multiple disks can be combined to form a single large logical disk, or volume set. Disks can also be automatically replicated into shadow sets for data security or faster read performance.
A disk is identified by either its physical name or by a user-defined logical name. For example, the boot device may have the physical name $3$DKA100, but it is generally referred to by the logical name SYS$SYSDEVICE.
File systems on each disk are hierarchical. A fully specified filename consists of a nodename, a username and password, a device name, directory, filename, file type, and a version number, in the format:
NODE"accountname password"::device:filename.type;ver
For example, FILE.EXT refers to the latest version of FILE.EXT, on the current default disk, in directory .
DIR1 is a subdirectory of the master file directory, or root directory, and DIR2 is a subdirectory of DIR1. A disk's MFD is identified by .
Most parts of the filename can be omitted, in which case they are taken from the current default file specification. The default file specification replaces the concept of "current directory" in other operating systems by providing a set of defaults for node, device name and directory. All processes have a default file specification which includes disk name and directory, and most VMS file system routines accept a default file specification which can also include the file type; the TYPE command, for example, defaults to ".LIS" as the file type, so the command TYPE F, with no extension, attempts to open the file F.LIS.
Every file has a version number, which defaults to 1 if no other versions of the same filename are present. Every time a file is saved, rather than overwriting the existing version, a new file with the same name but an incremented version number is created. Old versions can be deleted explicitly, with the DELETE or the PURGE command, or optionally, older versions of a file can be deleted automatically when the file's version limit is reached. Old versions are thus not overwritten, but are kept on disk and may be retrieved at any time. The architectural limit on version numbers is 32767. The versioning behavior is easily overridden if it is unwanted. In particular, files which are directly updated, such as databases, do not create new versions unless explicitly programmed.
ODS-2 is limited to eight levels of subdirectories, and only uppercase, alphanumeric names up to 39.39 characters. ODS-5 expands the character set to lowercase letters and most other printable ASCII characters, as well as ISO Latin-1 and Unicode characters, increases the maximum filename length and allows unlimited levels of subdirectories. When constructing a pathname for an ODS-5 file which uses characters not allowed under ODS-2, a special "^" syntax is used to preserve backwards compatibility; the file "file.tar.gz;1" on an ODS-5 disk, for example, would be referred to as "file^.tar.gz"—the file's name is "file.tar", and the extension is ".gz".

File security: protection and ACLs

VMS file security is defined by two mechanisms, UIC-based access control and ACL-based access control. UIC access control is based on the owner of the file and the UIC, or user, accessing the file. Access is determined by four groups of permissions:
And four permission bits:
The "system" access applies to any user whose UIC group code is less than or equal to the SYSGEN parameter MAXSYSGROUP ; "owner" and "group" apply to the owner of the file and that user's user group, and "world" applies to any other user. There is also a fifth permission bit, "Control", which is used to determine access to change file metadata such as protection. This group cannot be set explicitly; it is always set for System and Owner, and never for Group or World.
UIC-based access control is also affected by four system privileges, which allow users holding them to override access controls:
ACLs allow additional privileges to be assigned on a user- or group-specific basis; for example, a web server's UIC could be granted read access to all files in a particular directory. ACLs can be marked as inherited, where a directory file's ACL applies to all files underneath it. ACLs are modified using the EDIT/ACL command, and take the form of identifier/access pairs. For example, the ACL entry

would allow the user HTTP$SERVER to read and execute the file.

Logical names

A logical name is a system variable which may reference a disk, directory or file, or contain other program-specific information. For example, the logical SYS$SYSDEVICE contains the system's boot device. A logical name normally refers to a single directory or disk, e.g. SYS$LOGIN: which is the user's login directory ; these logicals cannot be used as true disk names—SYS$LOGIN:FILE is not a valid file specification. However, concealed logical names, defined by DEFINE/TRANSLATION=CONCEALED, can be used in that way; these rooted directories are defined with a trailing "." on the directory specification, hence
$ DEFINE/TRANS=CONCEAL HOME DISK$USERS:
would allow HOME:FILE to be used. More common are simple logicals which point to specific directories associated with some application software which may be located in on any disk or any directory. Hence logical ABC_EXE may point to a directory of executable programs for application ABC and ABC_TEMP may point to a directory of temporary files for that same application and this directory may be on the same disk and in the same directory tree as ABC_EXE or could be somewhere on another disk.
Logical names do not have a close equivalent in POSIX operating systems. They resemble Unix environment variables, except they are expanded by the file system, instead of the command shell or application program. They must be defined before use, so it is common for many logical names to be defined in the system startup command file, as well as user login command files.
In VMS, logical names may reference other logical names, and may contain lists of names to search for an existing filename. Some frequently referenced logical names are:
logical namemeaning
SYS$INPUTequivalent of standard input, program data source
SYS$OUTPUTequivalent of standard output, program data destination
SYS$ERRORequivalent of standard error, program error message destination
SYS$COMMANDsource of batch file commands
TTthe terminal associated with the process
SYS$PRINTthe default printer or print queue
SYS$LOGINhome directory for each user
SYS$SCRATCHtemporary folder, directory for temporary files
SYS$SYSTEMdirectory containing most system programs and a few vital data files, such as the system authorization file
SYS$SHAREshared runtime libraries, executables, etc.
SYS$LIBRARYsystem and added libraries

The closest non-DEC operating system to support the concept of logical names is AmigaOS, through the ASSIGN command. AmigaOS's disk operating system, AmigaDOS, which is a port of TRIPOS, bears some resemblance to DEC operating systems. For example, physical device names follow a pattern like DF0: for the first floppy disk, CDROM2: for the 3rd CD-ROM drive, etc. However, since the system can boot from any attached drive, the operating system creates the SYS: assignment to automatically reference the boot device used. Other assignments, LIBS:, PREFS:, C:, S:, et al. are also made, themselves referenced off SYS:. Users are, of course, allowed to create and destroy their own assignments too.

Record-oriented I/O: Record Management Services

Record Management Services is the structured I/O layer of the VMS operating system. RMS provides comprehensive program support for managing structured files, such as record-based and indexed database files. The VMS file system, in conjunction with RMS, extends files access past simple byte-streams and allows OS-level support for a variety of rich files types. Each file in the VMS file system may be thought of as a database, containing a series of records, each of which has one of more individual fields. A text file, for example, is a list of records separated by a newline character. RMS is an example of a record-oriented filesystem.
There are four record formats defined by RMS:
There are four record access methods, or methods to retrieve extant records from files:
At the disk level, ODS represents the file system as an array of blocks, a block being 512 contiguous bytes on one physical disk. Disk blocks are assigned in clusters. A file on the disk will ideally be entirely contiguous, i.e. the blocks which contain the file will be sequential, but disk fragmentation will sometimes require the file to be located in discontiguous clusters in which case the fragments are called 'extents'. Disks may be combined with other disks to form a volume set and files stored anywhere across that set of disks, but larger disk sizes have reduced the use of volume sets because management of a single physical disk is simpler.
Every file on a Files-11 disk has a unique file identification, composed of three numbers: the file number, the file sequence number, and the relative volume number. The NUM indicates where in the INDEXF.SYS file the metadata for the file is located; the SEQ is a generation number which incremented when the file is deleted and another file is created reusing the same INDEXF.SYS entry ; and the RVN indicates the volume number on which the file is stored when using a volume set.

Directories

The structural support of an ODS volume is provided by a directory file—a special file containing a list of file names, file version numbers and their associated FIDs, similar to VSAM catalogs on MVS. At the root of the directory structure is the master file directory, the root directory which contains every file on the volume.



This diagram shows an example directory containing 3 files, and the way each filename is mapped to the INDEXF.SYS entry.

The Master File Directory

At the top level of an ODS file system is the master file directory, which contains all top-level directory files, and several system files used to store file system information. On ODS-1 volumes, a two-level directory structure is used: each user identification code has an associated user file directory, of the form . On ODS-2 and later volumes, the layout of directories under the MFD is free-form, subject to a limit on the nesting of directories. On multi-volume sets, the MFD is always stored on the first volume, and contains the subdirectories of all volumes.
The following system files are present in the ODS MFD:
Note that the file system implementation itself does not refer to these files by name, but by their file IDs, which always have the same values. Thus, INDEXF.SYS is always the file with NUM = 1 and SEQ = 1.

Index file: INDEXF.SYS

The index file contains the most basic information about a Files-11 volume set.
There are two organizations of INDEXF.SYS, the traditional organization and the organization used on disks with GPT.SYS; with the GUID Partition Table structures.
With the traditional organization, block 1 is the boot block, which contains the location of the primary bootstrap image, used to load the VMS operating system. This is always located at logical block 0 on the disk, so that the hardware firmware can read it. This block is always present, even on non-system volumes.
After the boot block is the primary home block. This contains the volume name, the location of the extents comprising the remainder of the index file, the volume owner's UIC, and the volume protection information. There are normally several additional copies of the home block, known as the secondary home blocks, to allow recovery of the volume if it is lost or damaged.
On disks with GPT.SYS, GPT.SYS contains the equivalent of the boot block, and there is no primary home block. All home blocks present on a GPT-based disk are alternate home blocks. These structures are not included in INDEXF.SYS, and the blocks of the INDEXF.SYS file are unused.
The rest of the index file is composed of file headers, which describe the extents allocated to the files residing on the volume, and file metadata such as the owner UIC, ACLs and protection information. Each file is described by one or more file headers—more than one can be required when a file has a large number of extents. The file header is a fixed-length block, but contains both fixed- and variable-length sections:
If possible, the map and ACL sections of the header are contained completely in the primary header. However, if the ACL is too long, or the file contains too many extents, there will not be enough space in the primary header to store them. In this case, an extension header is allocated to store the overflow information.



Layout of the INDEXF.SYS header.

The file header begins with 4 offsets. Since the size of the areas after the fixed-length header may vary, the offsets are required to locate these additional areas. Each offset is the number of 16-bit words from the beginning of the file header to the beginning of that area.
If the file requires multiple headers, the extension segment number contains the sequence number of this header, beginning at 0 in the first entry in INDEXF.SYS.
STRUCLEV contains the current structure level and version of the file system; ODS-2 being structure level 2. An increase in the version number indicates a backwards-compatible change that older software may ignore; changes in the structure level itself are incompatible.
W_FID contains the ID of this file; EXT_FID holds the location of the next extension header, if any. In both of these values, the RVN is specified as 0 to represent the "current" volume.
FILECHAR contains several flags which affect how the file is handled or organised:
ACCMODE describes the privilege level at which a process must be running in order to access the file. VMS defines four privilege levels: user, supervisor, exec, and kernel. Each type of access - read, write, execute and delete - is encoded as a 2-bit integer.
FILEPROT contains the discretionary access control information for the file. It is divided into 4 groups of 4 bits each: system, owner, group and world. Bit 0 corresponds to read access, 1 to write, 2 to execute and 3 to delete. Setting a bit denies a particular access to a group; clearing it allows it.
If the file header is an extension header, BACKLINK contains the file ID of the primary header; otherwise, it contains the file ID of the directory file containing the primary entry for the file.

Other files