No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 File System Feature Guide 12

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Working Principles

Working Principles

This section describes concepts and working principles of InfoLocker, including the WORM clock, WORM properties, WORM logs, file expiration time calculating, and WORM file status.

Basic Concepts

  • WORM clock

    To keep protection periods of directories or files unchanged even when the cluster time changes, when WORM properties are configured for a directory or file, the directory or file uses a WORM clock to perform timing. After a WORM clock is set, the system starts timing based on the clock, so that files are correctly protected even though the local clock time is changed.

    A WORM clock can only be set once, and cannot be modified after being set.

    The relationship between a WORM clock and cluster time is as follows:

    • If the cluster time is earlier than the WORM clock time, the WORM clock time moves forward 138 seconds more than the cluster time every hour.
    • If the cluster time is later than the WORM clock time, adjust the clock time to the cluster time.
    NOTE:
    If you change the cluster time, the WORM clock will be adjusted accordingly.
  • WORM property

    When a directory is set as a WORM root directory, all subdirectories, new directories, and new files under this directory automatically obtain the WORM properties of the directory. The property parameters can be configured only when the WORM root directory is being configured and cannot be modified. Table 7-3 describes WORM properties. The system determines the time when a file expires or enters the Protected state based on WORM properties of the file.

    Table 7-3  WORM properties
    Mode Minimum Protection Period Maximum Protection Period Default Protection Period Automatic Lock
    Enterprise WORM Lower limit of a file protection period Upper limit of a file protection period If no expiration time is configured for files, the files expire after the default protection period elapses. Time of automatically locking a file
  • WORM log

    WORM logs record WORM operations based on time. Logs generated each month are recorded as a WORM file. The WORM file can be appended but cannot be modified or deleted to prevent it from being falsely deleted or tampered with.

  • Submitting for protection

    Files in WORM directories can be protected when they are read-only and unwritable.

    • Automatic submitting for protection: If operations, such as writing data and modifying WORM properties are not performed on files in WORM directories within the preset period of automatic submitting for protection, the files automatically enter the Protected state.

      The system starts a scanning task to analyze files in WORM directories. If the files are in the Unprotected or Appended state and mtime (time elapsed since the last modification) has exceeded the automatic lock time of the files, the system automatically disables the write permission for the files and the files enters the Protected state.

    • Manual submitting for protection: If the write permission of files in WORM directories are manually disabled or the files are set to read-only, the files enter the Protected state.
  • Calculating expiration time

    Each file has atime (In this feature, the file read or execution time is regarded as the expiration time of the file. Once the file enters the Protected state, atime does not change with file access or execution and becomes the expiration time of the file), ctime (Time when the status of a file is last changed. The status of a file changes with the file's content, permission, owner, owning group, and link count.) and mtime (time when a file's content is last changed). The system determines the time when files are last modified based on mtime and records the time when WORM files expire in atime. atime can be calculated as follows:

    • Automatic submitting for protection
      • If no atime is set: atime = mtime+Automatic lockout duration + Default protection period
      • If atime is set and mtime + Automatic lockout period + Minimum protection period < atime < mtime + Automatic lockout period + Maximum protection period: actual atime = Automatic lockout period + Set atime
      • If atime is set but atime < mtime + Automatic lockout period + Minimum protection period: actual atime = mtime + Automatic lockout period + Minimum protection period
      • If atime is set but atime > mtime + Automatic lockout period + Maximum protection period: actual atime = mtime + Automatic lockout period + Maximum protection period
    • Manual submitting for protection
      • If no atime is set: atime = Current WORM clock time + Default protection period
      • If atime is set and Current WORM clock time + Minimum protection period < atime < Current WORM clock time + Maximum protection period: actual atime = Set atime
      • If atime is set but atime < Current WORM clock time + Minimum protection period: actual atime = Current WORM clock time + Minimum protection period
      • If atime is set but atime > Current WORM clock time + Maximum protection period: actual atime = Current WORM clock time + Maximum protection period
  • WORM file state

    There are four WORM file states, as described in Table 7-4.

    Table 7-4  WORM file states
    State Description

    Unprotected

    A file in this state can be modified or deleted.

    Protected

    After the write permission for a file is disabled, the file enters the Protected state. A file in this state can be read but cannot be deleted or modified.

    NOTE:
    However, the super administrator (admin) can execute the privileged deletion of locked files.

    Appended

    After the write permission for an empty file in the Protected state is enabled, the file enters the Appended state. Data can be appended to a file in the Appended state.

    Expired

    Files in this state cannot be modified but can be deleted and read and their properties can be viewed.

    Figure 7-1 shows the transition between WORM file states.

    Figure 7-1  WORM file states

    1. Submitting for protection: The automatic and manual submitting for protection can be used to make files in WORM directories enter the Protected state so that they are read-only and unwritable.

    2. Changing the protection period: When a file is in the Protected state, you can change atime to manually prolong the file protection period.

    3. Protection period expired: When a file enters the Expired state, the file can be deleted or read but cannot be modified.

    4. Prolonging the protection period: After a file expired, you can prolong the protection period to make the file enter the Protected state.

    5. After the write permission for an empty file in the Protected state is enabled, the file enters the Appended state. Data can be appended to a file in the Appended state. Data can be appended to a file in the Appended state to which data was appended unless the file has not been submitted for protection:
    • When the file is smaller than 1 MB, data can be appended to the file and the file content can be modified.
    • When the file is larger than 1 MB, data can be appended, the last 1 MB of content can be modified, but the remaining content (File size – 1 MB) cannot be modified.
    NOTE:
    Appending applies to log files, for example, WORM log files.

    6. Resubmitting for protection: After data is appended to a file and the file is submitted for protection, the file enters the Protected state.

    NOTE:
    WORM logs record operations, such as submitting for protection, modifying the protection period, prolonging the protection period, and appending data.
    The super administrator (admin) can execute the privileged deletion of files, empty files, WORM root directories in the Protected state.
    NOTE:
    Privileged deletion can be executed only when the directories for storing WORM logs are set and will be recorded in WORM logs.

Implementation

WORM technology adds WORM properties to common directories or files so that the files can only be read when they are being locked. After a system administrator configures the WORM root directory, users access the file system using clients, store files in the file system, and make the file system enter the Protected state based on service requirements. Figure 7-2 shows read and write states of data in WORM directories.

Figure 7-2  Read and write states of data in WORM directories (A)

1: The system administrator sets a common directory as the WORM root directory. The directory obtains the WORM properties and is timed by the WORM clock. The operating system records the operation logs.

2: Users access the file system using clients, create directories in the WORM root directory, and write files. The files in the directories automatically obtain the WORM properties of the parent directory and are in the Unprotected state.

3: When the automatic lock period starts, files in WORM directory A enter the Protected state. The file property changes to read-only. The requests to modify files in WORM directory A are denied.

4: Users create directories in the WORM root directory and write files. The files are in the Unprotected state.

5: Users manually submit the files in WORM directory B for protection. The files enter the Protected state.

Figure 7-3 shows the read and write states of data in WORM directories (B).

Figure 7-3  Read and write states of data in WORM directories (B)

6: When finding that files in WORM directory B are submitted for protection by mistake, users ask the system administrator to delete the files. Because the system administrator is not allowed to delete the files, the deletion request is denied.

7: The super administrator successfully performs privileged deletion of files in WORM directory B.

8: When the protection period elapses, files in the WORM directory A enter the Expired state. Users successfully delete the files.

Translation
Download
Updated: 2019-06-27

Document ID: EDOC1000122519

Views: 69795

Downloads: 145

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next