Distributed file systems, file sharing services, etc. have been provided. In one approach, a file system client, application, and/or agent running on a client system may receive file system calls made by applications running on the client system, and may be configured to make corresponding calls to a remote file system server, e.g., a metadata server. For example, to store or update a file the file system client may generate and send to the file system metadata server a write request. The write request may identify a plurality of chunks of data desired to be written to a file. The metadata server may be configured to provide a response indicating one or more locations, e.g., in a cloud-based object store, to which the data should be written by the client.
In some distribute file systems, e.g. as a result of de-duplication or other processing, chunks of data stored by the file system may be shared across multiple files and/or across multiple file system clients. In some embodiments, chunks of file system data that may be shared across files and/or clients may need to be stored and managed so as to ensure each user of the file system has secure access to files the user is authorized to access without also providing any user with access to data the user is not entitled to access.