1. Field of the Invention
The present invention generally relates to a distributed file sharing system. More particularly, the present invention relates to a distributed file sharing system advantageously applicable to a distributed file system that has a plurality of terminals distributed on, and connected to, a network and that allows the terminals to share files to build a single virtual file system. In addition, the invention also relates to a file access control method of dealing with such a distributed file system as a virtual file system, advantageously applicable to the access control of the directories or files in the file system
2. Description of the Background Art
On a computer terminal used as a host terminal, an access control list provided as one of OS (Operating System) functions is usually used for the file access control method. In the UNIX (trademark) system that is one of the operating systems, there are three classes of users for every file and directory: owner, owner group, and other users. For each of those classes, three types of access permission, read, write and execute, are assigned for controlling access to files. When a remote terminal uses the host terminal over a network, the host terminal examines an account of the user stored therein to check if the remote terminal has access permission for the files or directories.
From the standpoint of access control, a method is proposed for balancing or reducing the load that would otherwise be increased when a plurality of host terminals share a file server. Japanese patent Laid-Open Publication No. 120063/1999 discloses a shared file system in a distributed system eliminating the load of file management calculation and preventing file data from being transferred via a network to increase processing speed.
Japanese Patent Laid-Open Publication No. 305470/1997 discloses a shared file management device which monitors the status of shared files and the file storing means. Based on the monitoring result, the system manager reviews the arrangement or multiplexing of shared files and, based on the review, the file access control moves or multiplexes shared files to increase operation efficiency. Japanese Patent Laid-Open Publication No. 77054/1996 discloses a distributed file system in which each of server computers on a computer cluster, where a plurality of computers are networked, has the divided-file creation and deletion parts to create and delete a plurality of divided-files corresponding to distributed files, respectively. The distributed file management part sends out divided-file reference/update distribution information to a client computer before making a reference/update request to a distributed file. In response to this information, the reference/update request distribution part determines the location of the divided-file, in which a record index is stored for specifying the reference/update request, to efficiently distribute the load even when processing requests are received at a time.
In addition, Japanese Patent Laid-Open Publication No. 332782/1994 teaches a file server system, in which a plurality of file servers are provided on a network and each file server accesses its own file storage device. In this system, the file access request distributor references the load status of each file server, measured by the load information monitor, to select a file server to be accessed, in order to control file management. The file access request distributor issues a file access request under the corresponding communication control according to whether the selected file server is its own server or one of other servers. In particular, the file access request distributor selects a lightly loaded file server at write time to prevent access requests from concentrating on a particular file server. The four proposals described above are made from the standpoint of access control. They are essentially different from a technology that grants access rights to control file access.
A distributed file sharing system will be discussed below in which a plurality of host terminals are distributed on a network to form a single virtual file system. In general, a large problem with such a distributed file system is how access right should be integrated in the system. More specifically, in such a distributed file system, one host terminal controls the operation of the access right management server. In this case, the application of the file access method used in the UNIX system described above, in which the access right is checked of all directories and files included in a file path, would cause the distributed file system to check both the directories and the files during file access right checking. This requires an extremely long search period of time and sometimes becomes unrealistic.
A file search in a distributed file sharing system, where the concept of file sharing is introduced, requires the system to check the application-level access right of the directories and files of all file paths satisfying the search condition. It is therefore estimated that the distributed file sharing system will require a still longer search period of time.
A distributed file sharing system, which is treated virtually as a single file system as described above, makes it possible for a copy of a file in one host terminal to be cached into another host terminal. Because of this cache function, the access right checking of a host terminal file, once accessed and obtained, need not be made via the network unless the file is deleted. Regardless of this function, the host terminal issues an inquiry to the access right management server via the network when checking the access right of the file already stored in the terminal. This nullifies the significance of file caching in the host terminal.