Beginning with StorNext 6, the StorNext File System supports cross platform immutable files and directories.
- An immutable file cannot be changed in any way without first removing the immutable flag from it.
- This is enforced independently of access permissions on a file or user privileges.
- An immutable directory cannot have entries added or removed.
- Timestamp updates are not applied to immutable files, so the atime parameter does not change when an immutable file is read.
Control of this feature is client platform dependent. There are some subtle interactions to consider.
Linux
The Linux operating system supports immutable files directly. When a file is marked as immutable, Linux itself will enforce this. However, you can use the chattr (Change Attribute) command to control the attribute.
Note: Only the super user or a process that has the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
The chattr +i command sets the immutable flag, and the chattr -i command clears it.
Note: None of the other attributes controlled by the chattr command are supported by StorNext. For example, chattr +j, chattr +s, chattr +t.
You can use the lsattr command to view the immutable state of files.
Xsan
Mac OS supports two types of immutable files:
- User immutable files
- System immutable files
Users can set or clear the user immutable flag on a file, but only a super user can change the system immutable state of a file.
You can control user immutable state from the finder File Info menu by using the Locked button. User and system immutable files appear with a padlock icon over the lower left corner of the finder icon and will have the locked item checked in the file info dialog. A system immutable file displays the locked item greyed out ,because this state cannot be changed by a non-privileged user.
Users with the correct permissions can use the chflags command line tool to set or clear the user and system immutable states.
Windows
Windows does not support immutable files. However, it does support read only files. This is a special flag that is enforced by Windows itself. A file that has been made immutable on another platform will appear as a read only file on Windows clients. Windows clients can disable the read only state. When this happens, the file will no longer be immutable. There is a difference between a read only file and an immutable one, a read only file on Windows can be deleted, but an immutable file cannot. When Windows marks a file as read only, it appears immutable on Linux clients and user immutable on Xsan clients.
You can set the read only state using the chflags command line utility, or by using the File Properties dialog in Windows Explorer.
Note: If the file has been marked system immutable, Windows users cannot disable this state.
The readonly state on a directory has different meaning on Windows than in Linux or Xsan. In addition, the immutable state for a directory does not make that directory read only under Windows.
The following table summarizes the differences between platforms:
|
State Set |
Effect on Platform |
||
|---|---|---|---|
|
|
Mac |
Windows |
Linux |
|
Mac User Immutable |
User immutable (user can disable) |
Readonly (user can disable) |
Immutable (user cannot disable) |
|
Mac system Immutable |
System immutable (operator can disable) |
Readonly (operator cannot disable) |
Immutable (operator can disable) |
|
Windows Readonly |
User immutable (user can disable) |
Readonly (user can disable) |
Immutable (user cannot disable) |
|
Linux Immutable |
System immutable (operator can disable) |
Readonly (operator cannot disable) |
Immutable (operator can disable) |
Differences From Previous Releases
Prior to StorNext 6, user and system immutable existed on the Mac platform, and readonly existed on Windows. However, one platform's restrictions did not carry over to the other platforms. A Linux or Mac client could change Windows read only files, and Windows and Linux clients could change Mac immutable files. There was no visibility or enforcement of immutable on Linux.
Linux clients using prior versions of StorNext will be able to attempt to change immutable files, created on other platforms, but the MDC will prevent the change from completing.
Locking the Immutable State for a Specified Period of Time
Using the system immutable flag, you can place a file in a locked state where immutable cannot be turned off again for a period of time. This is a two-step process.
Using the Linux commands:
- Set the
atimeparameter on the file to a future date. For example, use thetouch -acommand to specify a date in the future. - Mark the file immutable. Remember, the
chattr +icommand sets the immutable flag, and thechattr -icommand clears it.
Note: The immutable state cannot be removed from this file until the time specified by the atime is in the past.
Interactions Between StorNext Storage Manager and the Immutable State
It is possible to mark files being managed by StorNext Storage Manager policies as immutable. The immutable state does not prevent StorNext Storage Manager from making copies of a file, truncating the disk copy, or retrieving the disk copy.
StorNext Storage Manager can use the atime parameter of a file to determine if it is a truncation candidate. Because this cannot be changed on an immutable file, a recently retrieved file is considered a truncation candidate when space is low. Furthermore, if a file is placed into compliance mode, this sets the atime parameter in the future, which causes StorNext Storage Manager to avoid truncating the file.
Note: The file could still be truncated manually, or if a no-space condition is hit (see Space Management for more details).
