Secondary abstract: |
The goal of this diploma thesis was to implement a service, which allows users to save and share data at a remote location. In the implementation, we focused on user experience. For a good user experience, it is very important that user can manage files in the same way as he is accustomed to dealing with local files.
If a whole system allowing a service is not fully connected, unavailability and/or inconsistency may appear. That problem is further discussed in the context of CAP theorem, which says, that it is impossible to reach high availability together with atomic consistency in the presence of network partitions.
We discuss two ways of file access control. Rights for file access are stored together with a user as a capability list and with files as an access control list. Access control mechanisms on local devices don't cause many problems. However, problems may appear, when different devices using different implementations of access control mechanisms connect among themselves. In such cases it is difficult to assure effective access control that would be compatible with both devices.
We describe some examples of service implementation solution, but none of them is ideal. Problems mainly occur in access control mechanisms. In the NFS solution, client with root access can get arbitrary UID, which makes it capable to access any file. Other three solutions use their own implementation of access control mechanism with the exception of Git. The latter in final implementation also uses its own implementation of access control mechanism. Discussed systems using their own implementation of access control mechanism only allow management through a web interface.
We present two examples of service implementation. In both, we succeed meeting all suitability criteria as we defined them. Services that we implemented are useful. We have chosen clients that maintain local copies of files, since they don't always have internet connectivity. This way we made files available even during network partition. However, we had to accept a possibility for some degree of inconsistency, which may appear while using service. In case of full connectivity, we can also achieve good consistency of files. At the end there still remains one important question, how to manage access rights from the file system of user device and not indirectly, using separate mechanism. |