Check System File Permissions
Description
Check whether InterSystems IRIS system files conform to necessary permission settings, to ensure that the instance does not encounter problems starting or running due to incorrect permissions, owners, or groups.
This utility first checks directories and files created at installation against /mgr/filecheck.isc, which contains a snapshot of the files captured at the end of installation. The user can edit this file if necessary. Then it checks databases, journals, and WIJ files.
By default, filecheck checks for the following:
- rw for databases and streams.
- rwx for database and stream directories.
- rw for journals and WIJ files.
- rwx for journal and WIJ directories.
Discrepancies are logged in filecheck.log, with one error per line. If no errors are found, this file will be empty.
Instructions
Accessing the Utility
You can access the filecheck utility in the following ways:
- Directly: > iris filecheck <instance> [format]
- As a parameter during startup: > iris start <instance> filecheck
Recreating /mgr/filecheck.isc
If /mgr/filecheck.isc is deleted or otherwise corrupted, it can be recreated using the iris filecheck update command. Note that the update could include temporary files created after installation, which could cause errors if they are deleted. The update command should therefore only be used if necessary, and may require manual edits to /mgr/filecheck.isc.
Overriding Default Permission Checks
To override default permission checks, create entries in /mgr/filecheck_perm.isc. This file does not exist initially and must be created if needed. The system defaults as entries in /mgr/filecheck_perm.isc would look like this:
****rw-*** * irisusr DatabaseFile
****rwx*** * irisusr DatabaseDirectory
****rw-*** * irisusr JournalFile
****rwx*** * irisusr JournalDirectory
The use of asterisks in the strings for permissions and owners (and potentially groups) instructs filecheck to allow any values for those positions. Only the positions with explicit values (the group permissions in the examples) are checked.
Logging Errors in Machine-Readable Format
By default, errors are logged in text format. Users can use the optional format parameter to log errors in the following machine-readable CSV format:
<ErrorType>,<FileType>,<MismatchType>,<ExpectedString>,<CurrentString>,<FileName>
MismatchType | Permitted values are Permission, Owner, or Group. |
ExpectedString | The permission, owner, or group string that is required. |
CurrentString | The actual current permission, owner, or group string. |
The file is missing.
n is an error number.
FileType | One of the following codes: |
t | Top directory (from filecheck.isc) |
i | Installation directory (from filecheck.isc) |
d | Database file or directory |
s | Stream file or directory |
j | Journal file or directory |
w | WIJ file or directory |
FileName | The complete file name or directory path. |
For example, a machine-readable entry might look like this:
Mismatch,i,Permission,-r--r--r-x,-r--r--r--,/usr/local/etc/irissys/CSP_options
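The following Python sketch is an added example, not InterSystems code: it parses CSV-format filecheck.log entries and, for permission mismatches, reports which permission bits are granted beyond the expected string and which are missing. It assumes six fields per line and that an asterisk in ExpectedString means "any value", as in filecheck_perm.isc; the function names and the second and third sample lines are constructed for illustration.

```python
import csv
import io

FIELDS = ["error_type", "file_type", "mismatch_type",
          "expected", "current", "file_name"]
# Names for characters 2-10 of a mode string such as -rw-rw-r--
BITS = [f"{who}:{bit}" for who in ("owner", "group", "other") for bit in "rwx"]

def diff_mode(expected, current):
    """Compare two 10-character mode strings position by position.

    Assumption: '*' in the expected string means "any value", as it does
    in filecheck_perm.isc. Character 1 (file type) is not compared.
    """
    result = {"extra": [], "missing": [], "changed": []}
    for name, exp, cur in zip(BITS, expected[1:10], current[1:10]):
        if exp == "*" or exp == cur:
            continue
        if exp == "-":
            result["extra"].append(name)      # granted but not expected
        elif cur == "-":
            result["missing"].append(name)    # expected but not granted
        else:
            result["changed"].append(name)    # e.g. x replaced by s or t
    return result

def triage(log_text):
    """Parse CSV-format filecheck.log text into one dict per logged error."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        if len(row) != len(FIELDS):
            findings.append({"raw": row})     # unexpected layout: review by hand
            continue
        rec = dict(zip(FIELDS, row))
        if (rec["error_type"], rec["mismatch_type"]) == ("Mismatch", "Permission"):
            rec.update(diff_mode(rec["expected"], rec["current"]))
        findings.append(rec)
    return findings

# First line is the entry shown above; the other two are constructed samples.
SAMPLE = """\
Mismatch,i,Permission,-r--r--r-x,-r--r--r--,/usr/local/etc/irissys/CSP_options
Mismatch,d,Permission,-rw-rw----,-rw-rw-rw-,/constructed/db/IRIS.DAT
Mismatch,j,Group,irisusr,staff,/constructed/journal/sample.001
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.get("file_name"), f.get("extra"), f.get("missing"))
```

Entries whose extra list contains other:w are world-writable where the expected string says they should not be, so they are the ones to correct first.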