Document revision date: 19 July 1999
[Compaq] [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]
[OpenVMS documentation]

OpenVMS System Manager's Manual


Previous Contents Index

8.5.4 Mounting a Volume with Protected Subsystems

Security is usually based on control rights that are granted or denied to the user. In a protected subsystem, however, security is based on access controls assigned to the subsystem. The subsystem acts as a gatekeeper that grants or denies users access to objects belonging to the subsystem.

Unprivileged users can build and manage protected subsystems. You must be involved at two points in the process:

Caution

Anyone who mounts a subsystem is responsible for knowing what is on the volume being mounted. Compaq strongly recommends that you find out what is on a volume before you mount a subsystem. Without this knowledge, you might inadvertently subvert system security and jeopardize the privacy of users' data.

For example, a user with malicious intent who has privileges on one OpenVMS Cluster node might place an application with a subsystem identifier on a volume and then request an unsuspecting operator or system manager to mount the volume on another node. Because the application has a subsystem identifier, the application appears to belong to a subsystem for which it is unauthorized.

How to Enable Protected Subsystems on a Trusted Volume

The system enables protected subsystems by default only on the system disk. For other disks, you must enable subsystems every time you mount a volume. A person with the SECURITY privilege can enable subsystems on a volume by using the /SUBSYSTEM qualifier on the MOUNT command.

You can dynamically turn on and off the processing of Subsystem ACEs with the DCL command SET VOLUME/SUBSYSTEM. This command is especially useful for the system disk, which is not mounted using the MOUNT command.

Example

The command in the following example mounts the volume labeled DOC on the DUA0: device. Subsystems on the volume are accessible. The MOUNT command also assigns the logical name WORK8.


$ MOUNT/SUBSYSTEM/SYSTEM DUA0: DOC WORK8 

8.5.5 Converting an Existing Volume from One ODS Format to Another

The following sections contain instructions for converting an existing volume from one ODS file format to another.

8.5.5.1 Converting from ODS-2 to ODS-5

To convert an ODS-2 volume to an ODS-5 volume:

  1. Dismount the volume throughout the cluster; for example:


    $ DISMOUNT /CLUSTER DKA300: 
    

  2. Mount the volume as a private volume, for example:


    $ MOUNT DKA300: DISK1 
    %MOUNT-I-MOUNTED, DISK1 mounted on _STAR$DKA300: 
    

    Omitting the /SYSTEM qualifier causes the system to mount the volume as a private, not a public, volume.
    You can check that the volume is ODS-2 by entering a SHOW DEVICE/FULL command and seeing a display like the following:


    $ SHOW DEVICE DKA200:/FULL 
     
      Disk $10$DKA200:, device type RZ47, is online, allocated, deallocate 
      on dismount, mounted, file-oriented device, shareable. 
     
        Error count                    0    Operations completed 232 
        .
        .
        .
     
      Volume Status:  ODS-2, subject to mount verification, file high-water 
      marking, write-back caching enabled. 
    

    An alternative method for displaying the volume type is to issue a command and receive a response similar to the following:


    $ WRITE SYS$OUTPUT F$GETDVI ("DKA200:","ACPTYPE") 
    F11V2 
    

    F11V2 indicates that the volume is ODS-2.

  3. Compaq strongly recommends that you back up the volume. You cannot go back to ODS-2 format once you change to ODS-5 except by restoring a backup, as described in Section 8.5.5.3. For example:


    $ BACKUP /IMAGE DKA300: SAV.BCK /SAVE_SET 
    

  4. Set the characteristics of the disk by using a command in the following format:

    SET VOLUME /STRUCTURE_LEVEL=5  device-name 
    


    For example:


    $ SET VOLUME /STRUCTURE_LEVEL=5 DKA300: 
    

    Note

    You cannot use the SET VOLUME command to change a volume from ODS-5 to ODS-2. To reset a volume to ODS-2, you must use BACKUP as described in Section 8.5.5.3.
    If a failure occurs after you enter the SET VOLUME/STRUCTURE_LEVEL command, refer to the instructions at the end of this section.

    When you enter the SET VOLUME command, the system verifies that the volume can be converted by testing for the following items:

    Warning

    After using the SET VOLUME /STRUCTURE_LEVEL=5 command, do not access the disk further until the disk is dismounted and remounted.
  5. Dismount the private volume and remount the volume publicly by entering commands similar to the following:


    $ DISMOUNT DKA300: 
    $ MOUNT /CLUSTER DKA300: DISK1 
    %MOUNT-I-MOUNTED, DISK1 mounted on _STAR$DKA300: 
    

To verify that the volume has been converted to ODS-5, you can enter a SHOW DEVICE/FULL command and see a display similar to the following:


$ SHOW DEVICE DKA300:/FULL 
 
  Disk $10$DKA300:, device type RX74, is online, allocated, deallocate 
  on dismount, mounted, file-oriented device, shareable. 
 
    Error count                    0    Operations completed 155 
    .
    .
    .
 
  Volume Status:  ODS-5, subject to mount verification, file high-water 
  marking, write-back caching enabled. 

An alternative method for displaying the volume type is to issue a command and receive a response similar to the following:


$ WRITE SYS$OUTPUT F$GETDVI ("DKA500:","ACPTYPE") 
F11V5 

F11V5 indicates that the volume is ODS-5.

What to Do if a Failure Occurs

If a failure such as an I/O error or a system crash occurs while the SET VOLUME/STRUCTURE_LEVEL command is executing but before the command finishes, the volume might be only partially updated. If so, when you enter the MOUNT command, the Mount utility will display one of the following error messages:


     Inconsistent file structure level on device ... 
 
     Structure level on device ... is inconsistent with volume set 

If either condition is true, you can enter the MOUNT command only with the /NOSHARE qualifier (or with no qualifier, because /NOSHARE is the default). When you do, the system displays the same error message but only as a warning.

To recover from the error condition, reenter the SET VOLUME/STRUCTURE_LEVEL=5 command, and then dismount and remount the disk. As a last resort, you can restore the backup you made.

8.5.5.2 Converting from ODS-1 to ODS-2

To convert from ODS-1 format to ODS-2 format:

  1. Back up the entire disk or disks.
  2. Initialize the disk or disks as ODS-2 file structure.
  3. Restore the disk or disks.

8.5.5.3 Converting from ODS-5 Files to ODS-2

Two types of BACKUP operations, file and image, support converting ODS-5 file names to ODS-2 file names. (File and image operations are described more completely in Chapter 10.)

In the examples in the following descriptions, notice that when you perform a conversion to or from a save set, the created as or copied as message is displayed for the converted files.

If BACKUP cannot convert a file name within its existing directory, it converts the file name and leaves it unconnected so that ANALYZE /DISK /REPAIR can connect it to the [SYSLOST] directory, where the file has an ODS-2-compliant name. BACKUP also displays messages similar to the following:


%BACKUP-I-RECOVCNT, 5 files could not be converted into a directory on DKA100: 
-BACKUP-I-RECOVCMD, use the Analyze/Disk_Structure/Repair command to recover files 

In this case, you need to move the file from [SYSLOST] to the appropriate directory. Refer to the created as log messages to see where the file would logically be placed and place it there manually.

8.5.6 Modifying Disk Volume Characteristics

Use the DCL command SET VOLUME to modify the characteristics of one or more mounted Files--11 disk volumes. To use this command, you must have write access to the index file on the volume. If you are not the owner of the volume, you must have either a system UIC or the user privilege SYSPRV. You must then specify the name of one or more mounted Files--11 volumes.

The following examples illustrate how you can use the SET VOLUME command.

Examples


  1. $ SET VOLUME/DATA_CHECK=(READ,WRITE) DKA100:
    

    This command requests that data checks be performed following all read and write operations to the DKA100: volumes.


  2. $ SET VOLUME/LABEL=LICENSES DKA100:
    

    This command encodes the label LICENSES on the DKA100: volume. Note that, if characters in labels are entered in lowercase, the /LABEL qualifier changes them to uppercase.

8.5.7 Speeding Up Disk Mounting

The DISKMOUNT.C program can help to speed up disk mounts at system startup time. The program reduces the MOUNT image activation time by directly calling the $MOUNT system service.

Note

DISKMOUNT.C does not support mounting of disks connected to an InfoServer, disks served using DFS, or stripe sets.

This program requires a VAX C compiler. Perform the following steps:

  1. Copy the files DISKMOUNT.H, DISKMOUNT.C, and DISKMOUNT_CHILD.C in SYS$EXAMPLES to a directory.
  2. Define a logical name "SRC$" that points to this directory.
  3. Assemble the DISKMOUNT.C and DISKMOUNT_CHILD.C files.
  4. Link DISKMOUNT.OBJ and DISKMOUNT_CHILD.OBJ to produce the DISKMOUNT.EXE and DISKMOUNT_CHILD.EXE executable image files.
  5. Copy these executable images to a directory, preferably SYS$MANAGER on the target system.

For additional information, see the comments in the DISKMOUNT.H file.

8.6 Setting Up Disk Volume Sets

The following sections discuss concepts related to disk volume sets and explain how to perform the following actions:
Task Section
Create a disk volume set from new volumes Section 8.6.2
Create a shadowed disk volume set Section 8.6.3
Create a disk volume set from an existing volume Section 8.6.4
Add volumes to a disk volume set Section 8.6.5

8.6.1 Understanding Disk Volume Sets

A volume set is a collection of disk volumes bound into a single entity by the DCL command MOUNT/BIND. To users, a volume set looks like a single, large volume. Volume sets have the following characteristics:

Use a volume set to provide a large, homogeneous public file space. You must use a volume set to create files that are larger than a single physical disk volume. (The file system attempts to balance the load on the volume sets, for example, by creating new files on the volume that is the least full at the time.)

If you want several distinct areas of file storage, with different types of users or different management policies, you must use a separate volume or volume set for each area. For example, you might want one volume for permanent user storage, with limited disk quotas and regular backups. You might want another volume for "scratch" use, which means that the volume has liberal or no quotas and is not backed up; also, its files are purged on a periodic basis. Each separate volume or volume set must contain a top-level user file directory for each user who keeps files on that volume.

An advantage of separate volumes is their modularity. If one of the drives holding a volume set is out of service, the whole volume set is unavailable because of its interconnected directory structure. When a drive holding a single volume is not functioning, only the files on that volume are not available.

A disadvantage of volume sets is the large size of an image backup of a multivolume set, which might affect your backup schedule. For example, if backing up each of five separate volumes takes 5 hours in the evening, backing up these same volumes in a volume set will take 25 hours, which cannot be done overnight, thus possibly causing a scheduling problem.


Previous Next Contents Index

  [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]  
  privacy and legal statement  
6017PRO_033.HTML