To protect a file from external editing/removal - Linux

This is a discussion on To protect a file from external editing/removal - Linux ; Guys, I want to "lock" a file so that my process has exclusive access and others cannot edit or remove it until my process ends. I had assumed fcntl & flock could do that but it was not the case ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: To protect a file from external editing/removal

  1. To protect a file from external editing/removal

    Guys,

    I want to "lock" a file so that my process has exclusive access and
    others
    cannot edit or remove it until my process ends. I had assumed fcntl &
    flock
    could do that but it was not the case as I expected.

    It seems to me that the "lock" enforced by fcntl & flock takes no
    effect unless
    the other process also tries to get the lock.

    Am I right? If so, is there a way to get the lock that I expected?
    otherwise,
    can you give me an example usage of fcntl & flock to achieve my goal?

    Thanks a lot,

    --
    mrby


  2. Re: To protect a file from external editing/removal

    mrby wrote:
    > I want to "lock" a file so that my process has exclusive access and
    > others
    > cannot edit or remove it until my process ends. I had assumed fcntl &
    > flock
    > could do that but it was not the case as I expected.


    > It seems to me that the "lock" enforced by fcntl & flock takes no
    > effect unless
    > the other process also tries to get the lock.


    Yes, per default file locking is adviory only, i.e. all processes
    must actively check if they can get a lock and behave accordingly.
    Processes not doing that aren't kept from accessing the "locked"
    file.

    > Am I right? If so, is there a way to get the lock that I expected?
    > otherwise,
    > can you give me an example usage of fcntl & flock to achieve my goal?


    It's possible to change to mandatory locking. First of all, the
    file system must be mounted with the 'mand' option (for those
    that accept this option). The files that can be mandatory locked
    must have the the group-id bit set in its file mode while the
    group-execute bit must be unset (a combination that is otherwise
    meaningless). And then you can only use the fcntl() and lockf()
    functions for mandatory locking, but not flock().

    But before you go that way please be aware of the implications:
    a runaway process can lock crucial files and even root can't
    remove the lock (except by killling the process or removing the
    setgid bit on the locked file). Things can become especially
    nasty in cases when the mandatory-locked file is available via
    NFS or some other remote file-system. Many people seem to re-
    commend not to use mandatory locking since it can lead to a
    lot of headaches.
    Regards, Jens
    --
    \ Jens Thoms Toerring ___ jt@toerring.de
    \__________________________ http://toerring.de

  3. Re: To protect a file from external editing/removal

    On 17 Jul 2007 10:31:17 GMT, Jens Thoms Toerring wrote:
    > mrby wrote:
    >> I want to "lock" a file so that my process has exclusive access and
    >> others
    >> cannot edit or remove it until my process ends. I had assumed fcntl &
    >> flock
    >> could do that but it was not the case as I expected.

    >
    >> It seems to me that the "lock" enforced by fcntl & flock takes no
    >> effect unless
    >> the other process also tries to get the lock.

    >
    > Yes, per default file locking is adviory only, i.e. all processes
    > must actively check if they can get a lock and behave accordingly.
    > Processes not doing that aren't kept from accessing the "locked"
    > file.


    Temporarily changing the permissions to read-only?

  4. Re: To protect a file from external editing/removal

    jt@toerring.de (Jens Thoms Toerring) writes:
    > mrby wrote:
    >> I want to "lock" a file so that my process has exclusive access and
    >> others
    >> cannot edit or remove it until my process ends. I had assumed fcntl &
    >> flock
    >> could do that but it was not the case as I expected.


    [...]

    > It's possible to change to mandatory locking.


    [...]

    > But before you go that way please be aware of the implications:
    > a runaway process can lock crucial files and even root can't
    > remove the lock (except by killling the process or removing the
    > setgid bit on the locked file). Things can become especially
    > nasty in cases when the mandatory-locked file is available via
    > NFS or some other remote file-system. Many people seem to re-
    > commend not to use mandatory locking since it can lead to a
    > lot of headaches.


    The usual cause against 'mandatory locking' is that it cannot
    accomplish what it appears to promise on UNIX(*), because 'a file' is
    something almost completely independent from a path name. It is, for
    instance, usually possible to remove a particular link to a file and
    create a new file using the old name of the other file instead.

  5. Re: To protect a file from external editing/removal

    Bob Tennent wrote:
    > On 17 Jul 2007 10:31:17 GMT, Jens Thoms Toerring wrote:
    > > mrby wrote:
    > >> I want to "lock" a file so that my process has exclusive access and
    > >> others
    > >> cannot edit or remove it until my process ends. I had assumed fcntl &
    > >> flock
    > >> could do that but it was not the case as I expected.

    > >
    > >> It seems to me that the "lock" enforced by fcntl & flock takes no
    > >> effect unless
    > >> the other process also tries to get the lock.

    > >
    > > Yes, per default file locking is adviory only, i.e. all processes
    > > must actively check if they can get a lock and behave accordingly.
    > > Processes not doing that aren't kept from accessing the "locked"
    > > file.


    > Temporarily changing the permissions to read-only?


    I don't think that this can work reliably in all situations,
    especially if the processes that want to modify the same file
    belong to the same user. Just a simple example: two processes
    A and B already have the file open for writing. Now, if process
    A would change the permissions to read-only this wouldn't have
    any influence on process B anymore since the permissions are
    only tested when the file is opened. (And if the permissions
    would be tested on each write-attempt, then you would get a
    race condition since then process A would have to reset the
    permissions before itself could write, thus making it also
    possible for process B to write before A is done.)

    Regards, Jens
    --
    \ Jens Thoms Toerring ___ jt@toerring.de
    \__________________________ http://toerring.de

  6. Re: To protect a file from external editing/removal

    On Jul 17, 2:37 am, mrby wrote:

    > It seems to me that the "lock" enforced by fcntl & flock takes no
    > effect unless
    > the other process also tries to get the lock.


    Correct. This is the UNIX way.

    > Am I right? If so, is there a way to get the lock that I expected?


    Yes. Just make sure the other programs that might conflict with you
    lock the file as well.

    > otherwise,
    > can you give me an example usage of fcntl & flock to achieve my goal?


    It's obvious, lock the file in both programs. Locking cannot work
    correctly unless all the processes accessing the locked resource
    *cooperate*. You cannot force another process to cooperate for your
    code.

    What happens if another process renames the file? Or deletes it? None
    of these things would be stopped by your lock since they are
    operations on the directory the file is in rather than the file
    itself.

    DS


+ Reply to Thread