Re: Drawbacks of implementing undelete entirely in user space

Bryn Paul Arnold Jones (bpaj@gytha.demon.co.uk)
Tue, 25 Jun 1996 14:33:18 +0100 (BST)


On Mon, 24 Jun 1996, Ray Auchterlounie wrote:
> Quotas - if deleted files count towards user quota then the facility
> will be of very limited use to users near their limits, even if disk
> space is available. If not then the quota implementation will need
> modifying. At filesystem level, deleted files would not be visible to
> quota - but they effectively take no space so quota is not needed.
>

Another per user quota on undelete space would very quickly kill that
off. I.e. you have an xMb quota that you can tie up in to a kernel based
disk space check (Is this how quota works, ie when you try to write a
block, the kernel checks if you have enough space left, then says ok, or
-ENOSPC ?).

> File attributes - at filesystem level we can add file attributes like
> ext2fs "undelete" and "secure delete", undelete can then be specified
> per-file, per-directory, per-filesystem (mount options ?) and checks
> are trivial. From a higher level you need to be aware of all such
> attributes on all filesystems and you need to check them. eg if the
> user has marked a file for secure deletion then rm should delete it
> properly - but if you trap rm or unlink() and the filesystem gets told
> to just move the file instead...
>

Well unlink doesn't delete, that only happens when the last reference to
the file is lost, so secure deletion will happen anyway, just not
necessarily right now (well that's the case at the moment so ....). The
only thing is that the files should not be readable by anyone (except uid
0 ;) from the time they are unlinked to the time the disk space is recycled
(after being zeroed).

> > So, to undelete a file in DOS-like fashion, my suggestion is have
> >a setuid root program that...
> > 1. Unmounts the partition (or lock it)
> [...]
>
> First killing off all processes using that fs, logging off users etc.
> Unacceptable on a multi-user system, not much use on single-user.
> If you want DOS undelete then use umsdos or msdos fs and reboot to DOS
> when you want to recover a file.
>

Why does he want to lock the filesystem ? Only broken hacks (vfat under
Win95) need locking like this. The kernel guarantees that only one thing
happens to a mounted fs at a time. This doesn't happen in Win95, as the
programs that require you to lock are messing directly with the disk,
this doesn't happen in linux as everything goes through the kernel.

> I'd rather have something in the fs - take a look at Netware for a
> good example.
>
> ray
>
> --
> Ray Auchterlounie Research Student (still) at:
Bryn

--
PGP key pass phrase forgotten,   \ Overload -- core meltdown sequence 
again :(                          |            initiated.
                                 / This space is intentionally left   
                                |  blank, apart from this text ;-)
                                 \____________________________________
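The unlink() point made in the message above, as an added example that is not part of the original mail or thread: the directory entry goes away immediately, but the inode and its blocks survive (and stay readable) until the last open descriptor is closed, which is why trapping rm or unlink() at a higher level does not by itself decide when the data is actually gone. The path /tmp/undelete_demo_file is an assumption for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creates a file, unlinks its name while a descriptor is still open, and
 * returns how many bytes remain readable through that descriptor after the
 * name is gone (-1 on any error).  Also checks that the link count has
 * dropped to 0 and that the path no longer resolves once the last
 * reference is closed. */
int bytes_readable_after_unlink(const char *path)
{
    const char payload[] = "constructed sample contents\n"; /* constructed */
    const size_t len = sizeof payload - 1;
    char buf[64];
    struct stat st;
    ssize_t n;

    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, payload, len) != (ssize_t)len) { close(fd); return -1; }

    /* Remove the name: as far as ls and rm are concerned the file is deleted. */
    if (unlink(path) != 0) { close(fd); return -1; }

    /* The inode still exists; its link count is now 0 but fd still refers to it. */
    if (fstat(fd, &st) != 0 || st.st_nlink != 0) { close(fd); return -1; }

    /* The data is still there for whoever holds the descriptor. */
    if (lseek(fd, 0, SEEK_SET) != 0) { close(fd); return -1; }
    n = read(fd, buf, sizeof buf);

    /* Last reference dropped: only now does the filesystem free the blocks. */
    close(fd);

    /* The name was gone since unlink(); confirm nothing resolves it any more. */
    if (access(path, F_OK) == 0)
        return -1;
    return (int)n;
}

int main(void)
{
    printf("%d bytes still readable after unlink\n",
           bytes_readable_after_unlink("/tmp/undelete_demo_file"));
    return 0;
}
```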