This invention relates to a method and system for allowing multiple users to have autonomous work areas in a computer system, and specifically to a method and system for providing discrete user cells in a UNIX-based system which is part of a world-wide communications network.
The UNIX operating system has proven to be particularly adaptable at providing communications over a world-wide communications network, often referred to as the Internet. The UNIX operating system is particularly adept at interactive time-sharing operations, and allowing a number of users to share data on a single disc storage facility, or hard drive.
As the Internet has grown, and large numbers of users have xe2x80x9clogged-onxe2x80x9d, the Internet is frequently taxed, along with the file servers which form the system. Obviously, one way to relieve the stress on the system is to provide a server for each user, with a xe2x80x9cuserxe2x80x9d being that entity which occupies a discrete identifier, or domain name. In many instances, however, it is not practical for a user to have its own file server. While it is certainly feasible to partition a disc storage facility in a computer to provide space for a user, such partitioning does not provide the requisite autonomy and privacy required, nor is the partitioning of the hard drive sufficiently flexible to allow a user to occupy a required amount of space, without, at the same time, tieing up unused disc space. Additionally, the standard UNIX process table does not provide the requisite separation of multiple processes running at the request of multiple users. This can result in unwanted access to a process, or to one process interfering with a like process running for another user.
The UNIX system provides an environment in which user-mode programs may be executed. Once a program is running, it is referred to as a process. The UNIX kernel provides access to devices, such as network interface, CPU execution time and mass, or disc, storage. Each UNIX kernel has a notion of its own identity and a network Internet Protocol (IP) number. Generally, all of the activity on a particular system takes place in a global process arena, with each process associated with a given host being identifiable by other computers on the network as being associated with that host. Known systems, such as that described in U.S. Pat. No. 5,421,011 to Camillone et al., suggest accounting procedures for tracking various users, or groups of users, but does not teach or suggest segregation of multiple users in a single computer system, wherein the users have a discrete network identity.
From the standpoint of security, however, the ability of the system to cross partition boundaries, or the ability of one user to gain access to the space of another user by xe2x80x9chacking,xe2x80x9d is of concern to users of the Internet. Existing systems do not provide adequate protection.
A system of multiple work areas for operating within a computer system, wherein the computer system includes a CPU, a memory module and a disc storage facility, includes plural autonomous resource units (ARUs) for running user processes, wherein each ARU includes a discrete IP address, and wherein a process running in one ARU is inaccessible by another ARU; a discrete identifier assigned to each ARU; and a connector which extends between each ARU and the computer system CPU and memory module.
A method of providing multiple, discrete, secure work areas in a computer system having a disc storage facility, a CPU, a memory module and a set of IP addresses, includes designating plural autonomous resource units in the disc storage facility; providing a barrier to prevent inter-ARU communications; assigning a discrete identifier to each ARU; and connecting each ARU to a CPU and memory module associated with the disc storage facility.
An object of the invention s to provide a computer system and method wherein a single user""s processes are not visible or accessible by other users of the system.
Another object of the invention is to provide for plural, autonomous resource units on a disc storage facility wherein the autonomous resource units are not accessible from one another.
A further object of the invention is to provide secure division of a disc storage facility for multiple users.