The present invention relates to file systems and more particularly to mirroring files between at least two storage devices.
In many applications of data storage systems, reliability and availability are critical performance issues. For example, in a retail solution availability of a data processing system to process retail transactions may be essential. In such systems where reliability and availability are critical performance issues, mirroring of storage devices, such as hard drives or the like, may be beneficial. Mirroring storage devices may be carried out by replicating files on one storage device onto another storage device.
As an example of a mirrored file system, the 4690 Point-of-Sale operating system available from International Business Machines Corporation of Armonk, N.Y., provided a proprietary operating system for the retail environment. File mirroring operations could be provided in such a proprietary operating system by providing a file mirroring kernel which performed the mirroring operations. Such a kernel generally had complete access to the data of a storage device and would cause duplicate file operations to be performed for file operations to a preselected drive. Such control of the mirrored file system could be provided because of the close linkage between the proprietary operating system and the file mirroring kernel.
Furthermore, because of the purpose-specific nature of the proprietary operating system, a simple file access system could be provided with minimal concerns for security and control of access to files by processes that are not well behaved. However, in a more general purpose environment, such as systems utilizing general purpose multi-user operating systems such as Windows NT from Microsoft Corporation, Redmond, Wash., or Unix, AIX from International Business Machines Corporation, Armonk, N.Y., Solaris from Sun Microsystems, Palo Alto, Calif., or Linux, concerns over security and file access may make the mirroring of files more complex.
Files in such general purpose systems generally have a set of permissions associated with them which are controlled by an "owner" of the file. The owner is, typically, the user or process which created the file. The set of permissions may be quite complex and vary from file to file. For example, certain of these permissions may make a file "invisible" or undetectable to other users or processes which do not have the appropriate set of permissions. As such, a mirroring process may be unable to detect the presence of certain files or be unable to read files in order to mirror the file to a secondary storage device. Also, the owner of a file may change its permissions and, thus, make a file which was once detectable, undetectable.
As described above, on a general purpose operating system, a mirroring process executing on a primary system may be unable to detect or read files if it does not have the proper set of permissions to access the files. Thus, the mirroring process may be unable to mirror the files from the primary data storage device to a secondary data storage device. Furthermore, a failure to mirror such files may be difficult, if not impossible, to detect prior to occurrence of a failure as the mirroring process may have no indication that a file exists and, therefore, may not know that it has failed to mirror the file. Such a failure to mirror critical files may be catastrophic in a system failure condition where operations are transferred to a data processing system associated with the secondary storage device. In such a case, the files needed to resume operations may be missing and the transfer of operations may be impossible.
Additionally, in the event of a failure, there may be no guarantee that the permissions associated with files on the primary system will be the same as those on the mirrored system. Thus, if a transfer is required from the primary system to the mirrored system, some applications which utilize mirrored files may be subsequently unable to access the files because of a difference in permissions. Accordingly, the backup of files by a storage device mirroring scheme may not provide the "live" backup that may be desired.
In light of the above discussion, a need exists for improvements in file mirroring systems.
Embodiments of the present invention include methods, systems and computer program products which provide access to files which are mirrored between at least a first storage device and a second storage device by controlling access to the first and second storage devices so that owners of files which are to be mirrored between the first and the second storage devices are within a common user group. A predefined set of permissions is established for the common user group and permissions of members of the common user group are forced to the predefined set of permissions. Thus, files owned by members of the common user group will be forced to have the permissions of the common user group. Files owned by members of the common user group are mirrored between the first and the second storage devices.
In particular embodiments of the present invention, controlling access to the storage devices may include rejecting an access of the first storage device if a user associated with the access is not a member of the common user group.
In further embodiments of the present invention, a mirroring process is established as a member of the common user group. In such embodiments, files owned by members of the common user group may be mirrored between the first and the second storage devices utilizing the mirroring process.
In additional embodiments of the present invention, permissions of members of the common user group may be forced to the predefined set of permissions by determining if a communication with a file system associated with the first storage device is from a member of the common user group and determining if the communication changes the permissions of the member of the common user group. The permissions specified by the communication may be ignored if the communication changes the permissions to a set of permissions different from the predefined set of permissions.
In particular embodiments of the present invention, the communication with the file system associated with the first storage device may be intercepted. In such a case, the permissions in the intercepted communication may be ignored by replacing permissions specified by the communication with the predefined set of permissions if the communication changes the permissions of the member of the common user group so as to provide a revised communication with the file system. The revised communication may be forwarded to the file system associated with the first storage device to replace the original intercepted communication and mirrored to the secondary storage devices to assure the file permissions on the first and secondary storage devices are identical.
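The access control and permission forcing described in the preceding paragraphs can be modelled in a few lines. The following is an added illustration, not code from the patent or from any product it describes: the names Request, Store, AccessFilter and GROUP_MODE, the users pos_app and mirrord, the file path and the mode values are all hypothetical, and treating a create request that carries a mode as a permission-changing communication is an assumption.

```python
from dataclasses import dataclass, replace
from typing import Optional

GROUP_MODE = 0o660  # constructed value standing in for the predefined permission set

@dataclass(frozen=True)
class Request:
    user: str
    op: str                      # "create", "write" or "chmod"
    path: str
    mode: Optional[int] = None   # set only when the request carries permissions
    data: bytes = b""

class Store:  # in-memory stand-in for the file system on one storage device
    def __init__(self):
        self.files = {}          # path -> {"owner", "mode", "data"}

    def apply(self, req):
        if req.op == "create":
            self.files[req.path] = {"owner": req.user, "mode": req.mode, "data": b""}
        elif req.op == "chmod":
            self.files[req.path]["mode"] = req.mode
        elif req.op == "write":
            self.files[req.path]["data"] = req.data

class AccessFilter:
    """Intercepting layer in front of the primary store (hypothetical model)."""
    def __init__(self, members, primary, mirror, group_mode=GROUP_MODE):
        self.members, self.primary, self.mirror = set(members), primary, mirror
        self.group_mode = group_mode
        self.overridden = []     # (user, path, requested mode), kept for audit

    def submit(self, req):
        # Reject any access by a user outside the common user group.
        if req.user not in self.members:
            raise PermissionError(f"{req.user} is not in the common user group")
        # Ignore requested permissions that differ from the predefined set.
        if req.mode is not None and req.mode != self.group_mode:
            self.overridden.append((req.user, req.path, req.mode))
            req = replace(req, mode=self.group_mode)   # the revised communication
        self.primary.apply(req)  # forwarded in place of the original
        self.mirror.apply(req)   # the same revised request goes to the mirror
        return req

def run_demo():
    primary, mirror = Store(), Store()
    flt = AccessFilter({"pos_app", "mirrord"}, primary, mirror)
    flt.submit(Request("pos_app", "create", "/data/sales.db", mode=0o600))
    flt.submit(Request("pos_app", "write", "/data/sales.db", data=b"txn-1"))
    flt.submit(Request("pos_app", "chmod", "/data/sales.db", mode=0o400))
    return primary, mirror, flt
```

Because both stores receive the revised request rather than the original, their permission metadata cannot diverge, and the overridden list records each attempt by a group member to narrow a file's permissions.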
In further embodiments of the present invention, the first and second storage devices are associated with a general purpose multi-user operating system and the common user group is a group of users of the general purpose multi-user operating system. Furthermore, the general purpose multi-user operating system may be a Unix-type operating system. For example, the Unix-type operating system may be Unix, AIX, Solaris or Linux.
In still further embodiments of the present invention, the first storage device is associated with a first data processing system and the second storage device is associated with a second data processing system different from the first data processing system. In such embodiments, the common user group may be established on the first data processing system and the common user group replicated on the second data processing system.
In additional embodiments of the present invention, a file mirroring system may be provided. The file mirroring system may include a primary storage device and a mirrored storage device. A file system may be configured to control the primary storage device and a user group associated with the primary storage device. A mirror process associated with the user group is configured to mirror files owned by members of the user group from the primary storage device to the mirrored storage device. A file access kernel is configured so as to intercept communications with the file system and configured so as to force permissions of the user group to a predefined set of permissions.
In further embodiments of the file mirroring system, the primary storage device is part of a first data processing system and the mirrored storage device is part of a second data processing system. Furthermore, the user group associated with the primary storage device may be established on both the first and the second data processing systems. The file system may also be a file system of a general purpose multi-user operating system such as a Unix-type operating system.
While the invention has been described above primarily with respect to method aspects of the invention, systems and/or computer program products are also provided.