Creating immutable filesets and files

To configure and deploy a WORM solution, it is mandatory to create an immutable fileset in IBM Storage Scale.

1. Create an independent fileset by using the mmcrfileset command.
2. Link the fileset to a directory within the file system which must not exist at this point:

   mmlinkfileset <file system name> <fileset name> -J directory

   Note: This directory is the immutable fileset path.
3. Set an IAM mode for the files by using the following command:

   mmchfileset <file system name> <fileset name> --iam-mode compliant

4. Create a test file date > testfile with read-write permissions and fill the file with some content:

   echo “Hello World” > file

5. Check the extended attributes of the file which indicate that the file is not immutable by using the mmlsattr command:

   mmlsattr -L testfile
   file name: testfile
   metadata replication: 1 max 2
   data replication: 1 max 2
   immutable: no
   appendOnly: no
   indefiniteRetention: no
   expiration Time: Wed Mar 15 17:16:13 2016
   flags:
   storage pool name: system
   fileset name: WORMfs
   snapshot name:
   creation time: Wed Mar 15 17:16:13 2016
   Misc attributes: ARCHIVE
   Encrypted: no

6. Set the file to read-only:

   chmod –w testfile

7. Set the future expiration time using mmchattr. Select a time in the immediate future for quick expiry and deletion.

   mmchattr --expiration-time 2016-03-15@18:16:13 testfile

8. Verify that immutability and expiration time are set by using mmchattr:

   
   mmlsattr -L testfile
   file name: testfile
   metadata replication: 1 max 2
   data replication: 1 max 2
   immutable: yes
   appendOnly: no
   indefiniteRetention: no
   expiration Time: Wed Mar 15 18:16:13 2016
   flags:
   storage pool name: system
   fileset name: WORMfs
   snapshot name:
   creation time: Wed Mar 15 17:16:13 2016
   Misc attributes: ARCHIVE READONLY
   Encrypted: no
   

9. Verify that the files cannot be modified or deleted. Run the following commands:

   chmod +w testfile

   The system displays an output similar to this:

   chmod: changing permissions of 'testfile': Operation not permitted

   date > testfile

   The system displays an output similar to this:

   testfile: Read-only file system

   rm -f testfile

   The system displays an output similar to this:

   
    rm: cannot remove 'testfile': Read-only file system

   For more information, see the following topics:

   • Immutability and appendOnly features
   • https://www.ibm.com/support/pages/node/6355547