Immutability and appendOnly features
To prevent files from being changed or deleted unexpectedly, GPFS™ provides immutability and appendOnly restrictions.
Applying immutability and appendOnly restrictions to individual files or to directories
You can apply immutability and appendOnly restrictions either to individual files within a fileset or to a directory.
An immutable file cannot be changed or renamed. An appendOnly file allows append operations, but not delete, modify, or rename operations.
An immutable directory cannot be deleted or renamed, and files cannot be added or deleted under such a directory. An appendOnly directory allows new files or subdirectories to be created with 0 byte length; all such new created files and subdirectories are marked as appendOnly automatically.
The immutable flag and the appendOnly flag can be set independently. If both immutability and appendOnly are set on a file, immutability restrictions will be in effect.
- mmchattr -i {yes | no}
- Sets or unsets a file to or from an immutable state.
- -i yes
- Sets the immutable attribute of the file to yes.
- -i no
- Sets the immutable attribute of the file to no.
- mmchattr -a {yes | no}
- Sets or unsets a file to or from an appendOnly state.
- -a yes
- Sets the appendOnly attribute of the file to yes.
- -a no
- Sets the appendOnly attribute of the file to no.
Storage pool assignment of an immutable or appendOnly file can be changed; an immutable or appendOnly file is allowed to transfer from one storage pool to another.
mmlsattr -L myfilefile name: myfile
metadata replication: 2 max 2
data replication: 1 max 2
immutable: no
appendOnly: no
flags:
storage pool name: sp1
fileset name: root
snapshot name:
creation Time: Wed Feb 22 15:16:29 2012
Misc attributes: ARCHIVEThe effects of file operations on immutable and appendOnly files
- delete
- An immutable or appendOnly file cannot be deleted.
- modify/append
- An appendOnly file cannot be modified, but it can be appended. An immutable file cannot be
modified or appended. Note: The immutable and appendOnly flag check takes effect after the file is closed; therefore, the file can be modified if it is opened before the file is changed to immutable.
- mode
- An immutable or appendOnly file's mode cannot be changed.
- ownership, acl
- These attributes cannot be changed for an immutable or appendOnly file.
- extended attributes
- These attributes cannot be added, deleted, or modified for an immutable or appendOnly file.
- timestamp
- The timestamp of an immutable or appendOnly file can be changed.
- directory
- If a directory is marked as immutable, no files can be created,
renamed, or deleted under that directory. However, a subdirectory
under an immutable directory remains mutable unless it is explicitly
changed by mmchattr.
If a directory is marked as appendOnly, no files can be renamed or deleted under that directory. However, 0 byte length files can be created.
| Operation | immutable | appendOnly |
|---|---|---|
| Add, delete, modify, or rename | No | No |
| Append | No | Yes |
| Change ownership, mode, or acl | No | No |
| Change atime, mtime, or ctime | Yes | Yes |
| Add, delete, or modify extended attributes | Disallowed by external methods such as setfattr. Allowed internally for dmapi, directio, and others. |
Same as for immutable. |
| Create a file under an immutable or appendOnly directory | No | Yes, 0 byte length only |
| Rename or delete a file under an immutable or appendOnly directory | No | No |
| Modify a mutable file under an immutable directory | Yes | Not applicable |
| Set an immutable file back to mutable | Yes | Not applicable |
| Set an appendOnly file back to a non-appendOnly state | Not applicable | Yes |
Fileset-level integrated archive manager (IAM) modes
| File operation | Regular mode | Advisory mode | Noncompliant mode | Compliant mode | Compliant-plus mode |
|---|---|---|---|---|---|
| Modify | No | No | No | No | No |
| Append | No | No | No | No | No |
| Rename | No | No | No | No | No |
| Change ownership, acl | No | No | No | No | No |
| Change mode | No | No | No | No | No |
| Change atime, mtime, ctime | Yes | mtime and ctime can be changed.
atime is overloaded by expiration time. Expiration time can be changed by using the mmchattr --expiration-time command (alternatively mmchattr -E) or touch. You can see the expiration time by using stat as atime. |
Same as advisory mode | Same as advisory mode | Same as advisory mode |
| Add, delete, or modify extended attributes. | Not allowed for external methods such as setfattr. Allowed internally for dmapi, directio, and etc. | Yes | Yes | Yes | Yes |
| Create, rename, or delete under an immutable directory | No | No | No | No | No |
| Modify mutable files under an immutable directory. | Yes | Yes | Yes | Yes | Yes |
| Retention rule enforced | No retention rule, cannot delete immutable files | No | Yes | Yes | Yes |
| Set ExpirationTime backwards | Yes | Yes | Yes | No | No |
| Delete an immutable file | No | Yes, always | Yes, only when expired | Yes, only when expired | Yes, only when expired |
| Set an immutable file back to mutable | Yes | No | No | No | No |
| Allow hardlink | No for immutable or appendOnly files. Yes for other files. |
No | No | No | No |
| Rename or delete a non-empty directory | Yes for rename.
No for delete only if the directory contains immutable files. |
No for rename. Yes for delete. |
No for rename. Yes for delete only if the immutable file has expired. |
No for rename. Yes for delete only if the immutable file has expired. |
No for rename. Yes for delete only if the immutable file has expired. |
| Rename an empty directory | Yes | Yes | Yes | Yes | No |
| Remove user write permission to change a file to immutable | No | Yes | Yes | Yes | Yes |
| Display expiration time instead of atime for stat call | No | Yes | Yes | Yes | Yes |
| Set a directory to be immutable | Yes | No | No | No | No |