In computing, a file system is a structure and set of rules for storing and retrieving data. Data is grouped into units called files. The file system determines the structure of each file. The file system also is used to manage file metadata, i.e., data that provides additional information about files. There are many different types of file systems, having many different file structures and rules. File systems may be used with many different types of storage devices and media, including hard disks, flash media, optical drives, etc. In addition, file systems may be used with multiple storage devices. For example, a file system may store files using an array of hard drives or multiple storage devices connected with each other via a computer network. Many different configurations of file system storage exist.
Many file systems include an internal application programming interface (API) for executing commands in the file system. A user may access the file system's API through a command line interface (CLI), where the user types commands in a terminal window. Alternatively, a user may access the file system's API through a graphical user interface (GUI) that allows the user to manipulate graphical elements (e.g., windows, icons, etc.) to execute file system commands. Many file systems use a standardized API, such as one defined by the Portable Operating Interface (POSIX) family of standards, or a variation thereof.
When a user attempts to execute a file system command, the file system applies internal rules (also known as authorization policies) to determine whether the user is allowed to execute that command. For example, access to certain commands may be different for different users. In addition, access to certain files or groups of files (e.g., directories or containers) may be different for different users. If a GUI is used to execute commands, it is important that the GUI adhere to the file system's authorization policies, to prevent malicious or otherwise unwanted access to files. A GUI that does not properly adhere to the file system's authorization policies may introduce a security vulnerability that threatens the proper operation of the file system and of applications and services using the file system.
The set of commands available in a typical file system API is limited and predefined. Commands available in the file system may include read, write, execute, etc. Standard file system commands do not allow for more complicated types of data operations. For example, file systems typically do not include commands for accessing features of cloud storage, such as archiving, caching, etc.
For features not available through the file system directly, an application or service may be used that executes independently from the file system. Using the separate application or service may involve accessing a specialized GUI that provides access to the additional features. For example, a web application may be used to administer features of a cloud service. However, as noted above, using a specialized GUI may introduce security vulnerabilities, if the GUI does not properly adhere to the file system's authorization policies. Moreover, if some commands are executed in a CLI and other commands are executed via a GUI, user workflow may be negatively impacted due to the time and inefficiency involved in switching computing contexts.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.