On Fri, Feb 18, 2005 at 07:57:21AM -0800, Michele Simionato wrote: > Uhm ... I reading /usr/src/linux-2.4.27/Documentation/mandatory.txt > The last section says: > > """ > 6. Warning! > ----------- > > Not even root can override a mandatory lock, so runaway processes > can wreak havoc if they lock crucial files. The way around it is to > change the file permissions (remove the setgid bit) before trying to > read or write to it. Of course, that might be a bit tricky if the > system is hung :-( > """ > > so lockf locks do not look completely harmless ...
if you read the whole file, you will have read that turning on
mandatory locks is not trivial. I never said it was harmless, and in
fact (as that section explains) it's a bad idea for most cases; there
are some (very few) situations where you need it, however, and so you
can get at that functionality. Having to mount your filesystem with
special options and twiddling the permission bits is a pretty strong
hint that the implementors didn't think it was a good idea for most
cases, too.
Hmm, just read that file, and it doesn't mention the "have to mount
with special options" bit. But if you look in mount(8), you see an
entry under the options list,
mand Allow mandatory locks on this filesystem. See fcntl(2)
and if you look in fcntl(2), you see that
Mandatory locking
(NonâPOSIX.) The above record locks may be either adviâ
sory or mandatory, and are advisory by default. To make
use of mandatory locks, mandatory locking must be
enabled (using the "âo mand" option to mount(8)) for the
file system containing the file to be locked and enabled
on the file itself (by disabling group execute permisâ
sion on the file and enabling the setâGID permission
bit).
Advisory locks are not enforced and are useful only
between cooperating processes. Mandatory locks are
enforced for all processes.
if I have come across as recommending mandatory locks in this thread,
I apologize, as it was never my intention. It is a cool feature for
the .001% of the time when you need it (and the case in discussion in
this thread is not one of those), but other than that it's a very,
very bad idea. In the same league of badness as SysV IPC; I'd still
mention SysV IPC to someone who asked about IPC on Linux, however,
because there are places where it is useful even though most times
it's a stupid way to do things (yes, Oracle, *especially* you).
--
John Lenton ([EMAIL PROTECTED]) -- Random fortune:
A pencil with no point needs no eraser.
signature.asc
Description: Digital signature
-- http://mail.python.org/mailman/listinfo/python-list
