From owner-freebsd-hackers Thu Apr 15 20:35:18 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from poynting.physics.purdue.edu (poynting.physics.purdue.edu [128.210.146.58]) by hub.freebsd.org (Postfix) with ESMTP id 5695F14F30 for ; Thu, 15 Apr 1999 20:35:14 -0700 (PDT) (envelope-from ajk@physics.purdue.edu)
Received: from physics.purdue.edu (localhost [127.0.0.1]) by poynting.physics.purdue.edu (8.9.1/8.9.1) with ESMTP id WAA28377 for ; Thu, 15 Apr 1999 22:32:55 -0500 (EST) (envelope-from ajk@physics.purdue.edu)
Message-Id: <199904160332.WAA28377@poynting.physics.purdue.edu>
To: freebsd-hackers@freebsd.org
Subject: Entombing for FreeBSD
From: "Andrew J. Korty"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <28370.924233574.1@physics.purdue.edu>
Date: Thu, 15 Apr 1999 22:32:55 -0500
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Here at the Physics Computer Network, we've been experimenting with building Kevin Braunsdorf's file entombing system into FreeBSD. Entombing is an ingenious facility that allows a mortal user to recover accidentally deleted or clobbered files.

To make entombing work, we replace the C library wrappers for the system calls open(), rename(), truncate(), and unlink() (and creat() on systems that have it) with versions that archive the file in a repository before doing the bona fide syscall.

Each filesystem with entombing support has its own repository, usually located in a subdirectory of the filesystem root called "tomb". This tomb is owned by a special pseudo-user (charon :-). The actual moving of the file is done by a setuid-charon executable so that the files may be chowned away from the user. Thus, the file (now called a "crypt") is no longer counted against the user's quota. A crypt is kept in its tomb for a duration inversely related to its size and the used space on the filesystem. The "preend" daemon is responsible for the task of purging old crypts.

The setuid-charon "unrm" command allows users to list, purge, and restore crypts. Because files are given unique names when entombed, arbitrary versions of a file may be restored. Entombing can be configured and disabled by the user through the environment variable ENTOMB.

We think entombing is an elegant solution for a very common problem. It saves users time because it makes most of their mistakes reversible. Systems administrators profit as well, since entombing allows them to avoid the time-consuming task of restoring files from tape. I can't remember the last restore I did!

If this sounds like it would be worth committing, let me know, and we'll contrib the source patches. The only changes are the added code in src/contrib and changes to a few libc Makefiles. There are no kernel mods.

Andrew J. Korty, Director               http://www.physics.purdue.edu/~ajk/
Physics Computer Network                85 73 1F 04 63 D9 9D 65
Purdue University                       65 2E 7A A8 81 8C 45 75

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
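
The wrapper mechanism described in the message above, as an added sketch that is not part of the original post and is not Kevin Braunsdorf's entomb source: an unlink() replacement that moves a regular file into a tomb under a unique crypt name instead of deleting it. Assumptions: the name `entomb_unlink`, the crypt naming scheme, the value `ENTOMB=no` for disabling, and the fallback to a plain unlink when archiving fails are all hypothetical; the real system hands the move to a setuid-charon helper so the crypt can be chowned away from the user, which this sketch leaves out.

```c
#define _XOPEN_SOURCE 700   /* for lstat() on strict compilers */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Assumption: ENTOMB=no disables entombing; the post does not give the syntax. */
static int entomb_enabled(void)
{
    const char *e = getenv("ENTOMB");
    return e == NULL || strcmp(e, "no") != 0;
}

/*
 * Hypothetical replacement for the unlink() wrapper. Moves `path` into `tomb`
 * under a unique crypt name instead of deleting it. crypt_out (n bytes) gets
 * the crypt's path, or "" when the file was really unlinked.
 * Returns 0 on success, -1 with errno set on failure.
 */
int entomb_unlink(const char *path, const char *tomb, char *crypt_out, size_t n)
{
    static unsigned long seq;   /* keeps names unique within one second */
    struct stat st;
    const char *base;
    char name[1024];
    int len;

    if (n > 0)
        crypt_out[0] = '\0';
    /* lstat, not stat: a symlink is removed, never followed into the tomb. */
    if (!entomb_enabled() || lstat(path, &st) == -1 || !S_ISREG(st.st_mode))
        return unlink(path);
    base = strrchr(path, '/');
    base = base ? base + 1 : path;
    /* Crypt name: original name, owner uid, time, pid, per-process counter. */
    len = snprintf(name, sizeof name, "%s/%s@%lu.%ld.%ld.%lu", tomb, base,
                   (unsigned long)st.st_uid, (long)time(NULL), (long)getpid(), seq++);
    if (len < 0 || (size_t)len >= sizeof name || (size_t)len >= n) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* rename(2) cannot cross filesystems, which fits one tomb per filesystem. */
    if (rename(path, name) == -1)
        return unlink(path);    /* design choice here: never block the caller */
    memcpy(crypt_out, name, (size_t)len + 1);
    return 0;
}
```

Because the move in this sketch runs with the caller's own credentials, the crypt stays owned by the user and still counts against quota; the setuid-charon helper in the message is what changes that.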