GPFS: Administration and Programming Reference - IRA Home

More documents

Recommendations

Info

Each GPFS file or directory has an access ACL that determines its access privileges. These ACLs control who is allowed to read or write at the file or directory level, as well as who is allowed to change the ACL itself. In addition to an access ACL, a directory may also have a default ACL. If present, the default ACL is used as a base for the access ACL of every object created in that directory. This allows a user to protect all files in a directory without explicitly setting an ACL for each one. When a new object is created, and the parent directory has a default ACL, the entries of the default ACL are copied to the new object’s access ACL. After that, the base permissions for user, mask (or group if mask is not defined), and other, are changed to their intersection with the corresponding permissions from the mode parameter in the function that creates the object. If the new object is a directory, its default ACL is set to the default ACL of the parent directory. If the parent directory does not have a default ACL, the initial access ACL of newly created objects consists only of the three required entries (user, group, other). The values of these entries are based on the mode parameter in the function that creates the object and the umask currently in effect for the process. Administrative tasks associated with traditional GPFS ACLs are: 1. “Setting traditional GPFS access control lists” 2. “Displaying traditional GPFS access control lists” on page 47 3. “Changing traditional GPFS access control lists” on page 48 4. “Deleting traditional GPFS access control lists” on page 48 Setting traditional GPFS access control lists Use the mmputacl command to set the access ACL of a file or subdirectory, or the default ACL of a directory. For example, to set the ACL for a file named project2.history, we can create a file named project2.acl that contains this: user::rwxc group::rwx- other::--x- mask::rwxc user:alpha:r-xc group:audit:rw-- group:system:rwx- In the project2.acl file above, v The first three lines are the required ACL entries setting permissions for the file’s owner, the owner’s group, and for processes that are not covered by any other ACL entry. v The last three lines contain named entries for specific users and groups. v Because the ACL contains named entries for specific users and groups, the fourth line contains the required mask entry, which is applied to all named entries (entries other than the user and other). Once you are satisfied that the correct permissions are set in the ACL file, you can apply them to the target file with the mmputacl command. For example, to set permissions contained in the file project2.acl for the file project2.history, enter: mmputacl -i project2.acl project2.history To confirm the changes, enter: mmgetacl project2.history The information sent to standard output is similar to: 46 GPFS: Administration and Programming Reference
#owner:guest #group:usr user::rwxc group::rwx- #effective:rw-- other::--x- mask::rw-c user:alpha:rwxc #effective:rw-c group:audit:rwx- #effective:rw-- group:system:-w-- Although you can issue the mmputacl command without using the -i option to specify an ACL input file, and make ACL entries through standard input, you will probably find the -i option more useful for avoiding errors when creating a new ACL. See the “mmputacl Command” on page 233 and the “mmgetacl Command” on page 185 for complete usage information. Displaying traditional GPFS access control lists Use the mmgetacl command to display the access ACL of a file or subdirectory, or the default ACL of a directory. For example, to display the ACL for the file project2.history, enter: mmgetacl project2.history The information sent to standard output is similar to: #owner:guest #group:usr user::rwxc group::rwx- #effective:rw-- other::--x- mask::rw-c user:alpha:rwxc #effective:rw-c group:audit:rwx- #effective:rw-- group:system:-w-- The first two lines are comments displayed by the mmgetacl command, showing the owner and owning group. All entries containing permissions that are not allowed (because they are not set in the mask entry) display with a comment showing their effective permissions. See the “mmgetacl Command” on page 185 for complete usage information. Applying an existing traditional GPFS access control list To apply the same traditional ACLs from one file or directory to another: 1. Issue the mmgetacl command with the -o option to place the information in an output file. 2. Apply the ACLs to the new file or directory by issuing the mmputacl command with the -i option. For example, use the -o option to specify a file to which the ACL is written: mmgetacl -o old.acl project2.history Then, to assign the same permissions to another file, project.notes, enter: mmputacl -i old.acl project.notes To confirm the changes, enter: mmgetacl project.notes The information sent to standard output is similar to: #owner:guest #group:usr user::rwxc Chapter 6. Managing GPFS access control lists and NFS export 47
Page 1:
General Parallel File System Admini
Page 4 and 5:
Note: Before using this information
Page 6 and 7:
Chapter 4. Managing disks . . . . .
Page 8 and 9:
mmrestripefile Command . . . . . .
Page 10 and 11:
viii GPFS: Administration and Progr
Page 12 and 13:
x GPFS: Administration and Programm
Page 14 and 15:
Table 1. Typographic conventions (c
Page 16 and 17: - The mmmount and mmumount commands
Page 18 and 19: - The local cluster no longer needs
Page 20 and 21: xviii GPFS: Administration and Prog
Page 22 and 23: 2 GPFS: Administration and Programm
Page 24 and 25: Remote shell command: /usr/bin/rsh
Page 26 and 27: v A node being deleted cannot be th
Page 28 and 29: You may be able to tune your cluste
Page 30 and 31: The system displays information sim
Page 32 and 33: If it becomes necessary to stop GPF
Page 34 and 35: ecorded in the GPFS configuration f
Page 36 and 37: Checking and repairing a file syste
Page 38 and 39: -j scatter Block allocation type -D
Page 40 and 41: Restriping offers the opportunity t
Page 42 and 43: See the “mmdf Command” on page
Page 44 and 45: 2. The TSM client code must be inst
Page 46 and 47: 26 GPFS: Administration and Program
Page 48 and 49: gpfs3nsd 0903C1573F2AD7B6 /dev/sdb1
Page 50 and 51: 12 % complete on Fri Feb 3 16:02:39
Page 52 and 53: suspended Indicates that data is to
Page 54 and 55: v You must identify the disks by th
Page 58 and 59: To disable quota management: 1. Iss
Page 60 and 61: During the normal operation of file
Page 62 and 63: The system displays output similar
Page 68 and 69: group::rwx- #effective:rw-- other::
Page 70 and 71: 2. A Directory ACL is similar to th
Page 72 and 73: This ACL shows four ACL entries (an
Page 74 and 75: general suggestion is for the compu
Page 80 and 81: Table 4. GPFS commands (continued)
Page 82 and 83: mmadddisk Command mmadddisk Command
Page 84 and 85: mmadddisk Command Note: Rebalancing
Page 86 and 87: mmaddnode Command Name mmaddnode Ad
Page 88 and 89: mmaddnode Command See also “mmchc
Page 90 and 91: mmapplypolicy Command how the mmapp
Page 92 and 93: mmapplypolicy Command MIGRATED /fs1
Page 94 and 95: mmauth Command delete Deletes a clu
Page 96 and 97: mmauth Command mmauth: Propagating
Page 98 and 99: mmbackup Command Name mmbackup - Ba
Page 100 and 101: mmbackup Command Tue Mar 18 14:03:2
Page 102 and 103: mmchattr Command -m MetadataReplica
Page 104 and 105: mmchcluster Command Name mmchcluste
Page 106 and 107: mmchcluster Command Security You mu
Page 108 and 109: mmchconfig Command Name mmchconfig
Page 110 and 111: mmchconfig Command dmapiMountTimeou
Page 112 and 113: mmchconfig Command and search for n
Page 114 and 115: mmchdisk Command Name mmchdisk - Ch
Page 116 and 117:
mmchdisk Command resume Informs GPF
Page 118 and 119:
mmcheckquota Command Name mmcheckqu
Page 120 and 121:
mmcheckquota Command 55 % complete
Page 122 and 123:
mmchfileset Command Examples This c
Page 124 and 125:
mmchfs Command If your file system
Page 126 and 127:
mmchfs Command When considering dat
Page 128 and 129:
mmchmgr Command GPFS: 6027-628 Send
Page 130 and 131:
mmchnsd Command Options NONE DiskNa
Page 132 and 133:
mmchpolicy Command Name mmchpolicy
Page 134 and 135:
mmcrcluster Command Name mmcrcluste
Page 136 and 137:
mmcrcluster Command If your primary
Page 138 and 139:
mmcrfileset Command Name mmcrfilese
Page 140 and 141:
mmcrfs Command Name mmcrfs - Create
Page 142 and 143:
mmcrfs Command Options other disk)
Page 144 and 145:
mmcrfs Command -z {yes | no} Enable
Page 146 and 147:
mmcrnsd Command Name mmcrnsd - Crea
Page 148 and 149:
mmcrnsd Command Note: This name can
Page 150 and 151:
mmcrnsd Command Location /usr/lpp/m
Page 152 and 153:
mmcrsnapshot Command Options NONE I
Page 154 and 155:
mmcrvsd Command Name mmcrvsd - Crea
Page 156 and 157:
mmcrvsd Command Options dataOnly In
Page 158 and 159:
mmcrvsd Command See also “mmcrnsd
Page 160 and 161:
mmdefedquota Command -u Specifies t
Page 162 and 163:
mmdefquotaoff Command mmlsquota -d
Page 164 and 165:
mmdefquotaon Command Security You m
Page 166 and 167:
mmdefragfs Command Name mmdefragfs
Page 168 and 169:
mmdefragfs Command gpfs60nsd 50688
Page 170 and 171:
mmdelacl Command “mmputacl Comman
Page 172 and 173:
mmdeldisk Command -F DescFile A fil
Page 174 and 175:
mmdelfileset Command Name mmdelfile
Page 176 and 177:
mmdelfileset Command 88 % complete
Page 178 and 179:
mmdelfs Command Examples To delete
Page 180 and 181:
mmdelnode Command Exit status 0 Suc
Page 182 and 183:
mmdelnsd Command Options NONE Exit
Page 184 and 185:
mmdelsnapshot Command When using th
Page 186 and 187:
mmdf Command Exit status 0 Successf
Page 188 and 189:
mmeditacl Command Name mmeditacl -
Page 190 and 191:
mmeditacl Command Exit status 0 Suc
Page 192 and 193:
mmedquota Command Group Name or gro
Page 194 and 195:
mmexportfs Command Name mmexportfs
Page 196 and 197:
mmfsck Command Name mmfsck - Checks
Page 198 and 199:
mmfsck Command -n Specifies a no re
Page 200 and 201:
mmfsck Command See also “mmcheckq
Page 202 and 203:
mmfsctl Command v Modifications to
Page 204 and 205:
mmfsctl Command lunA2 FlashCopy tar
Page 206 and 207:
mmgetacl Command Parameters Filenam
Page 208 and 209:
mmgetstate Command Name The mmgetst
Page 210 and 211:
mmgetstate Command See also “mmch
Page 212 and 213:
mmimportfs Command Parameters Devic
Page 214 and 215:
mmlinkfileset Command Name mmlinkfi
Page 216 and 217:
mmlsattr Command Name mmlsattr - Qu
Page 218 and 219:
mmlscluster Command Name mmlscluste
Page 220 and 221:
mmlsconfig Command Name mmlsconfig
Page 222 and 223:
mmlsdisk Command Name mmlsdisk - Di
Page 224 and 225:
mmlsdisk Command disk driver sector
Page 226 and 227:
mmlsfileset Command Name mmlsfilese
Page 228 and 229:
mmlsfileset Command 3. These comman
Page 230 and 231:
mmlsfs Command -o Additional mount
Page 232 and 233:
mmlsmgr Command Name mmlsmgr - Disp
Page 234 and 235:
mmlsmount Command Name mmlsmount -
Page 236 and 237:
mmlsnsd Command Name mmlsnsd - Disp
Page 238 and 239:
mmlsnsd Command gpfs1 gpfs1nsd 0972
Page 240 and 241:
mmlspolicy Command mmlspolicy fs2 -
Page 242 and 243:
mmlsquota Command When a quota mana
Page 244 and 245:
mmlssnapshot Command Name mmlssnaps
Page 246 and 247:
mmmount Command Name mmmount - Moun
Page 248 and 249:
mmpmon Command Name mmpmon - Manage
Page 250 and 251:
mmpmon Command Use of the -i flag i
Page 252 and 253:
mmpmon Command bytes written: 13946
Page 254 and 255:
mmputacl Command Options -d Specifi
Page 256 and 257:
mmquotaoff Command Name mmquotaoff
Page 258 and 259:
mmquotaon Command Name mmquotaon -
Page 260 and 261:
mmremotecluster Command Name mmremo
Page 262 and 263:
mmremotecluster Command 2. This com
Page 264 and 265:
mmremotefs Command Options -A {yes
Page 266 and 267:
mmrepquota Command Name mmrepquota
Page 268 and 269:
mmrepquota Command *** Report for U
Page 270 and 271:
mmrestorefs Command Exit status 0 S
Page 272 and 273:
mmrestripefile Command Name mmrestr
Page 274 and 275:
mmrestripefile Command See also “
Page 276 and 277:
mmrestripefs Command Assuming that
Page 278 and 279:
mmrestripefs Command See also “mm
Page 280 and 281:
mmrpldisk Command The disk descript
Page 282 and 283:
mmrpldisk Command See also “mmadd
Page 284 and 285:
mmsanrepairfs Command Repairing hyp
Page 286 and 287:
mmshutdown Command When using the r
Page 288 and 289:
mmsnapdir Command nonzero A failure
Page 290 and 291:
mmstartup Command Name mmstartup -
Page 292 and 293:
mmumount Command Name mmumount - Un
Page 294 and 295:
mmunlinkfileset Command Name mmunli
Page 296 and 297:
mmunlinkfileset Command See also
Page 298 and 299:
Table 9. GPFS programming interface
Page 300 and 301:
gpfs_close_inodescan() Subroutine N
Page 302 and 303:
gpfs_cmp_fssnapid() Subroutine Loca
Page 304 and 305:
gpfs_fcntl() Subroutine Name gpfs_f
Page 306 and 307:
gpfs_fcntl() Subroutine fcntlArg.po
Page 308 and 309:
gpfs_fputattrs() Subroutine Name gp
Page 310 and 311:
gpfs_free_fssnaphandle() Subroutine
Page 312 and 313:
gpfs_fssnap_id_t Structure Name gpf
Page 314 and 315:
gpfs_get_fsname_from_fssnaphandle()
Page 316 and 317:
gpfs_get_fssnaphandle_by_name() Sub
Page 318 and 319:
gpfs_get_fssnaphandle_by_path() Sub
Page 320 and 321:
gpfs_get_fssnapid_from_fssnaphandle
Page 322 and 323:
gpfs_get_snapdirname() Subroutine N
Page 324 and 325:
gpfs_get_snapname_from_fssnaphandle
Page 326 and 327:
gpfs_getacl() Subroutine Error stat
Page 328 and 329:
gpfs_iattr_t Structure /* don’t r
Page 330 and 331:
gpfs_ifile_t Structure Name gpfs_if
Page 332 and 333:
gpfs_igetattrs() Subroutine GPFS_E_
Page 334 and 335:
gpfs_igetfilesetname() Subroutine E
Page 336 and 337:
gpfs_igetstoragepool() Subroutine E
Page 338 and 339:
gpfs_iopen() Subroutine Exceptions
Page 340 and 341:
gpfs_iread() Subroutine EPERM The c
Page 342 and 343:
gpfs_ireaddir() Subroutine Examples
Page 344 and 345:
gpfs_ireadlink() Subroutine Locatio
Page 346 and 347:
gpfs_ireadx() Subroutine offset On
Page 348 and 349:
gpfs_next_inode() Subroutine Name g
Page 350 and 351:
gpfs_opaque_acl_t Structure Name gp
Page 352 and 353:
gpfs_open_inodescan() Subroutine No
Page 354 and 355:
gpfs_prealloc() Subroutine Exceptio
Page 356 and 357:
gpfs_putacl() Subroutine Exceptions
Page 358 and 359:
gpfs_quotactl() Subroutine Q_SETQUO
Page 360 and 361:
gpfs_quotaInfo_t Structure Name gpf
Page 362 and 363:
gpfs_seek_inode() Subroutine Locati
Page 364 and 365:
gpfsAccessRange_t Structure Name gp
Page 366 and 367:
gpfsClearFileCache_t Structure Name
Page 368 and 369:
gpfsDataShipMap_t Structure partiti
Page 370 and 371:
gpfsDataShipStart_t Structure flag
Page 372 and 373:
gpfsDataShipStop_t Structure Name g
Page 374 and 375:
gpfsFreeRange_t Structure Name gpfs
Page 376 and 377:
gpfsGetReplication_t Structure Name
Page 378 and 379:
gpfsGetSnapshotName_t Structure Nam
Page 380 and 381:
gpfsMultipleAccessRange_t Structure
Page 382 and 383:
gpfsRestripeData_t Structure Name g
Page 384 and 385:
gpfsSetReplication_t Structure rese
Page 386 and 387:
366 GPFS: Administration and Progra
Page 388 and 389:
mmsdrbackup User exit mmsdrbackup U
Page 390 and 391:
syncfsconfig User exit Name syncfsc
Page 392 and 393:
GPFS exceptions and limitations to
Page 394 and 395:
Page 396 and 397:
2455 South Road, Poughkeepsie, NY 1
Page 398 and 399:
Page 400 and 401:
metadataOnly Indicates that the dis
Page 402 and 403:
v manager | client - Indicates whet
Page 404 and 405:
Page 406 and 407:
v For AIX nodes, see Installing the
Page 408 and 409:
RPM at www.rpm.org/ The Internet En
Page 410 and 411:
commands (continued) mmchfileset 10
Page 412 and 413:
file systems (continued) creating 1
Page 414 and 415:
mmchattr 19, 81 mmchcluster 6, 84 m
Page 416 and 417:
setting access control lists 46 sna
Page 418 and 419:
Page 420:
Readers’ Comments — We’d Like
show all

GPFS: Administration and Programming Reference - IRA Home

Create successful ePaper yourself

Delete template?

Save as template?