You can back up NFS-mounted files using standard OpenVMS backup procedures. For more information, see the OpenVMS documentation.
If you back up an OpenVMS file system or a container file system while remote users are accessing the files, the resulting save set may contain files that are in an inconsistent state. For a container file system, there is the additional danger that the container file itself may be in an inconsistent state.
Furthermore, the OpenVMS BACKUP utility does not issue warning messages when backing up files that are opened by the NFS server, even without the /IGNORE=INTERLOCK qualifier.
The safest way to back up is to schedule the backup for a time when
users will not be accessing the files. Then either unmap the file
systems to be backed up or simply shut down the NFS server.
14.7 Setting Up and Exporting an OpenVMS File System
The following example describes how to set up an OpenVMS file system on the OpenVMS server, and how to make the file system available to Joe Brown, a user on UNIX client ultra.
Joe Brown has an OpenVMS user name of BROWN and a UNIX user name of joe.
% grep joe /etc/passwd joe: (encrypted password) :27:58: ...
$ UCX UCX> ADD PROXY BROWN /UID=27 /GID=58 /host=ultra UCX> MAP DSA301: "/vmsdisk" UCX> ADD EXPORT "/vmsdisk/brown/test" /host=ultra
If users need to create files with case-sensitive names or names containing characters that do not conform to the OpenVMS syntax, you can enable a name-conversion feature that gives users more file naming flexibility without creating a container file system. Use the /OPTIONS=NAME_CONVERSION qualifier to the command ADD EXPORT to enable this option.
With the NAME_CONVERSION option set, users can create files and directories in an OpenVMS file system using names that do not conform to OpenVMS file-naming rules.
Note
If any client hosts had the file system mounted before the name conversion was enabled, they must dismount and remount for this feature to take effect.
See the DIGITAL TCP/IP Services for OpenVMS Management Command Reference manual for more options to the ADD EXPORT
commmand.
14.8 Setting Up and Exporting a UNIX-Style File System
A UNIX-style file system is called a container file system. When creating a UNIX-style file system, you must name an owner by means of the /USER_NAME qualifier to the CREATE CONTAINER command. If the container file system is for the use of just one remote user, that user can be the owner. If it is for the use of several users, the owner should be a user whose UIC is mapped to UID=0/GID=1 (UNIX user root). In either case, the name set with this qualifier must be already registered in the proxy database. This user also becomes the owner of the internal root directory of the container.
To create a UNIX-style file system on the NFS server, follow these steps:
UCX> ADD EXPORT "/test" /HOST=*
UCX> ADD EXPORT "/test/user1" /HOST="june"
This section reviews the commands you use to maintain and examine a container file system. Topics include:
For complete command descriptions, see the DIGITAL TCP/IP Services for OpenVMS Management Command Reference manual.
14.9.1 Displaying Directory Listings
Use the DIRECTORY command to display the contents of a directory. For example,
UCX> DIRECTORY "/path/name"
Here, /path/name is a valid UNIX directory specification that begins with a slash (/) and is enclosed by quotes.
The DIRECTORY command also has two qualifiers, as follows:
You cannot use the DCL COPY command to create files in a UNIX-style file system because the UNIX directory structure is fully contained in the corresponding container file. Instead, you must use the IMPORT command to copy a file from an OpenVMS directory into a UNIX-style file system. Likewise, use the EXPORT command to copy a file from a UNIX-style file system in to an OpenVMS directory.
If the OpenVMS data file does not have the STREAM_LF record format it
will automatically be converted to STREAM_LF. Use the /NOCONVERT
qualifier to prevent the conversion.
14.9.3 Removing Links to a File
A link is a directory entry referring to a file. A file can have several links to it. A link (hard link) to a file is indistinguishable from the original directory entry. Any changes to the file are independent of the link used to reference the file. A file cannot be deleted (removed) until the link count is zero.
Users can create multiple links to a file. A user sometimes creates a link to a file so that the file appears in more than one directory.
All links to a file are of equal value. If a file has two links and one link is removed, the file is still accessible through the remaining link. When the last existing link is removed (the link count is zero), the file is no longer accessible and is deleted.
Remove links to a file with the REMOVE FILE command. For example, to remove the link to a file named letter located at /usr/smith, issue the following command:
UCX> REMOVE FILE "/usr/smith/letter"
Like UNIX files, UNIX directories have links to them. An empty directory is deleted when the last link to the directory is removed.
Remove links to a UNIX directory with the REMOVE DIRECTORY command. For example, to remove the directory smith at /usr, issue the following command:
UCX> REMOVE DIRECTORY "/usr/smith"
You can delete a container file system with all its directories and files by issuing the DELETE CONTAINER command. For example, to delete the UNIX container created on WORK1$:[GROUP_A], issue the following command:
UCX> DELETE CONTAINER WORK1$:[GROUP_A]
Use the UNMAP command to unmap the UNIX-style file system before you
delete it.
14.9.6 Verifying the Integrity of a UNIX-Style File System
You can use the ANALYZE CONTAINER command to check the integrity of your container file system. This command is similar in function to the DCL ANALYZE/DISK_STRUCTURE command.
For example, to verify the integrity of a UNIX-style file system located in WORK1$:[GROUP_A], issue the following:
UCX> MAP "/group_a" WORK1$: UCX> ANALYZE CONTAINER WORK1$:[GROUP_A]
File system access to the container file is suspended while the container is being analyzed.
Note
The underlying OpenVMS file system must be mapped before you use the ANALYZE CONTAINER command.
You may want to analyze your container file system under the following circumstances:
Table 14-1 lists the important file components of a UNIX-style file system that are normally verified by the ANALYZE CONTAINER command.
| UNIX Item | OpenVMS Conceptual Equivalent | Description |
|---|---|---|
| Super block | Home block | Contains the basic information on the internal structuring of the container file. |
| Inode | File header | Each file or directory has an inode that contains information describing the file. The inode is a central definition of the file. |
| Directory | Directory | Contains the file names and directory hierarchy information. File name entries contain links to the inode information. |
| Bitmap | BITMAP.SYS | Contains the container file internal allocation information. Only one bitmap exists in the container file. |
For a complete description of the ANALYZE CONTAINER command and its
qualifiers, see Appendix C and the DIGITAL TCP/IP Services for OpenVMS Management Command Reference manual.
14.9.7 Restoring an Entire Container File System
For a typical image restore, simply follow normal OpenVMS procedures.
For a non-image restore, an additional step is required after the restore. The Files-11 File IDs are recorded in the container file. These must be updated by the UCX ANALYZE CONTAINER /REPAIR command.
This extra step is also required for an image restore if the save set
is being restored with the /NOINITIALIZE qualifier to a volume with a
different label or if it is being restored to a bound volume set that
has a member that was added since the time of the image backup.
14.9.8 Restoring Parts of a Container File System
Important
DIGITAL strongly recommends that before you attempt any of the recovery procedures described below, you read and completely understand: (1) the procedure you will attempt, (2) each of the procedures described before it, and (3) the OpenVMS documentation for the BACKUP command and qualifiers you will use to produce the intended result.
Sometimes you may need to recover parts of a container file system
without losing updates that have been applied to other parts since the
backup save set was made. Depending on whether you need to recover
files, directories, the container file itself, or some combination,
this can be a very awkward and labor-intensive procedure. It can also
be error-prone.
14.9.8.1 Using a Temporary Copy of the Container File System
If the container file itself is intact and you have enough free disk space, it may be simplest to restore the entire container file system to a temporary location and then transfer the needed files to the primary copy of the container file system using the UCX EXPORT and IMPORT commands. It is also possible to use a remote client if you prefer to allow the users to transfer their own files.
To do this, you can either restore the container file system to a separate disk or to a temporary directory on the same disk. If you use a temporary directory on the same disk, you will need to rename the container file according to the directory name. For example, if the original container file system is in DKA100:[DAISY],
$ DIRECTORY [DAISY]*.CONTAINER DAISY.CONTAINER;1 Total of 1 file. $ UCX SHOW MAP /daisy _DKA100:[DAISY] $
If you restore the backup save set to DKA100:[TEMP],
$ RENAME DKA100:[TEMP]DAISY.CONTAINER TEMP.CONTAINER %RENAME-I-RENAMED, DKA100:[TEMP]DAISY.CONTAINER;1 renamed to DKA100:[TEMP]TEMP.CONTAINER;1 $ UCX UCX> ANALYZE CONTAINER /REPAIR DKA100:[TEMP] . . . UCX> MAP "/j2" DKA100:[TEMP]
If you use a remote client to move the files, issue:
UCX> ADD EXPORT "/j2" /HOST="robin" UCX> EXIT
Each of the files in a container file system has two names: the UNIX-style name that is recorded in the container file and an OpenVMS name, which you can see using ordinary OpenVMS commands. The OpenVMS names are formed from an eight-digit hexadecimal number prepended to $BFS.;1 or $BFS.DIR;1, depending on whether the file is a directory file. The save set has the files recorded by their OpenVMS names and directory paths, and you need to find out what that name and directory are for the particular file you need to recover.
If the file still exists you can do this by issuing the UCX DIRECTORY /VMS command. For example,
$ UCX DIRECTORY /VMS "/daisy/user1" Directory: /daisy/user1 . VMS file: _DKA100:[DAISY]00003510$BFS.DIR;1 .. VMS file: _DKA100:[DAISY]00012201$BFS.DIR;1 file.txt VMS file: _DKA100:[DAISY.00003510$BFS]00005503$BFS.;1 $
In this example, to recover /daisy/user1/file.txt, you need to select [DAISY.00003510$BFS]00005503$BFS.;1 when you restore.
Note that the hierarchical structure of the directory tree is not
reflected in the OpenVMS names of the directory files. All of the
OpenVMS directory names are cataloged directly in the container
directory, in this example [DAISY].
14.9.8.3 Recovering a Deleted File
If the file has been deleted as an OpenVMS file, but its name and attributes are still intact in the container file, the UCX DIRECTORY /VMS command will not show you its former OpenVMS name. You need to compute it.
For each user file and directory file the container file has the analog of a UNIX inode. In a UNIX file system, each file has an inode in which the file's attributes are stored. Each inode has a unique inode number. The same is true in a container file system.
The inode number is displayed as a decimal number called "File ID:" when you issue a UCX DIRECTORY /FULL command. For example,
$ UCX DIRECTORY /FULL "/daisy/user1/file.txt" Directory: /daisy/user1 login.com VMS file: *** no such file Size File ID: 21763 Blocks: 3 Owner Bytes: 1103 UID: 5107 Created: 23-JUN-1997 10:46:09.10 GID: 15 Revised: 23-JUN-1997 10:46:08.96 Mode: 755 Type: File Accessed: 23-JUN-1997 10:46:08.54 Links: 1 $
To get the OpenVMS name, convert the inode number to hexadecimal. Use enough leading zeros to make eight hexadecimal digits and append $BFS.;1 for a non-directory file or $BFS.DIR;1 for a directory file. For example, inode number 21763 becomes 00005503$BFS.;1.
You now need to find the OpenVMS name of the immediate parent directory of the file. If the OpenVMS parent directory is still intact, the UCX DIRECTORY /VMS or UCX DIRECTORY /FULL command will tell you its OpenVMS name. If the parent directory is not intact, you need to restore the directory by computing the name from the inode number. For example,
$ UCX DIR /FULL "/daisy" Directory: /daisy . . . user1 VMS file: _DKA100:[DAISY]00003510$BFS.DIR;1 Size File ID: 13584 Blocks: 4 Owner Bytes: 1915 UID: 5107 Created: 16-JUN-1997 15:46:25.54 GID: 15 Revised: 23-JUN-1997 10:46:08.57 Mode: 741 Type: Directory Accessed: 23-JUN-1997 10:46:08.57 Links: 2 $
In this example, if "VMS file:" does not show the OpenVMS file name, you must compute it from the inode number, in this case 13584. You need to select [DAISY.00003510$BFS]00005503$BFS.;1 when you restore.
As an alternative method of finding inode numbers, you may find it
easier to mount the container file from a UNIX client and use the
ls -i and/or ls -R commands. You still need to
compute the OpenVMS file specification from the inode numbers of each
file to be recovered and its immediate parent directory.
14.9.8.4 Recovering a File That Has Been Completely Deleted from the Container
There is no supported method of computing the OpenVMS name of a file by
restoring just the container file from the save set. You need to
restore the entire container file system to a temporary location as
described in Section 14.9.8.1.
14.9.8.5 Recovering a Container File Only
This section applies to the situation of a container file being deleted or so badly corrupted that UCX ANALYZE CONTAINER /REPAIR does not help, but the other OpenVMS file and directory parts of the container file system are still intact.
The NFS server and the OpenVMS operating system provide many levels of security controls you can use to protect your file systems. Section 14.1.3, Section 14.1.4, and Section 14.1.7 reviewed how the server uses the proxy and export databases to restrict client access as well as how to use OpenVMS account privileges and protection schemes to control access to files and directories.
The NFS server provides additional security options by modifying the logical name UCX$NFS00000000_SECURITY in the NFS server startup file UCX$NFS_STARTUP.COM. This file is located in the directory SYS$SYSDEVICE:[UCX$NFS].
The server reads this logical name when it is started and applies the following security features:
UCX$-W-NFS_ACCNOA, Access to the OpenVMS account is denied
The file SYS$STARTUP:UCX$NFS_SERVER_STARTUP.COM defines a set of logical names that set characteristics of the NFS server. These characteristics include:
You can modify the NFS server by changing the values of the these logical names either permanently (follow the instructions provided in the command file) or temporarily with the SET NFS_SERVER command. If you modify the startup file, restart the server to make the changes take effect.
Note that modifying server characteristics will affect server performance. Be sure to understand the impact (review Section 14.13) before making any changes.
Table 14-2 describes the NFS server logical names.
| UCX Logical Name | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| UCX$NFS00000000_ERROR | Enables or disables error message logging | ||||||||||||
| UCX$NFS00000000_OPCOM | Enables or disables error logging to the operator console (OPCOM). Setting the value to zero (0) disables this option. | ||||||||||||
| UCX$NFS00000000_HOSTS |
Specifies the maximum number of client hosts that can be defined in the
server's host table. This parameter should be large enough to allow for
the definition of all the hosts present in the proxy database. For this
purpose, wildcard hosts counts as one.
Making the parameter value larger than needed makes NFS allocate redundant virtual memory within the server. |
||||||||||||
|
UCX$NFS00000000_UID
UCX$NFS00000000_GID |
Defines the default user. The default values for these logical names
are -2/-2 (the UNIX account "nobody").
You can change the values for these logical names. File access is determined by the privileges assigned to the OpenVMS account that maps to the default user in the proxy database. You can also set parameters dynamically by supplying the /UID_DEFAULT and /GID_DEFAULT qualifiers to the SET NFS_SERVER command. |
||||||||||||
| UCX$NFS00000000_INACTIVITY |
Specifies, in minutes and seconds, the time interval since the last
file access request.
The server keeps an activity timestamp for each opened file to help manage the open file cache. You can also modify this value with the /INACTIVITY_TIMER qualifier of the SET NFS_SERVER command. The default setting for this value is 02:00, or 2 minutes. Making the interval too short causes the NFS server to close files more often, which reduces performance. |
||||||||||||
| UCX$NFS00000000_SECURITY |
Gives a bit-mask value. Each set bit adds a different security feature
to the NFS operation as follows:
|
||||||||||||
| UCX$NFS00000000_THREADS |
Defines the maximum number of threads that can be active at the same
time.
The performance of the server is directly related to this value. The recommended value for an average load is a thread maximum of 20. If you increase this value, you should also increase the XID cache value. You may need to increase the /PAGE_FILE parameter in the NFS startup file as well. |
||||||||||||
| UCX$NFS00000000_XID |
Defines the size of the transaction cache, specified in a number of
8-Kbyte buffers. Default value: 256 buffers (258 x 8 Kbyte).
In a busy server environment, increasing the size of the cache improves server performance. See Section 14.13.6 for more information. Depending on the frequency of file operations, the size of the cache is critical. If you increase this parameter, you might also need to increase the /PAGE_FILE parameter in the NFS startup file. |