Skip to main content

Check System File Permissions

Check whether InterSystems IRIS system files conform to necessary permission settings.

Description

Check whether InterSystems IRIS system files conform to necessary permission settings, to ensure that the instance does not encounter problems starting or running due to incorrect permissions, owners, or groups.

This utility first checks directories and files created at installation against /mgr/filecheck.isc, which contains a snapshot of the files captured at the end of installation. The user can edit this file if necessary. Then it checks databases, journals, and WIJ files.

By default, filecheck checks for the following:

  • rw for databases and streams.

  • rwx for database and stream directories.

  • rw for journals and WIJ files.

  • rwx for journal and WIJ directories.

Discrepancies are logged in filecheck.log, with one error per line. If no errors are found, this file will be empty.

Instructions

Accessing the Utility

You can access the filecheck utility in the following ways:

  • Directly: > iris filecheck <instance> [format]

  • As a parameter during startup: > iris start <instance> filecheck

Recreating /mgr/filecheck.isc

If /mgr/filecheck.isc is deleted or otherwise corrupted, it can be recreated using the iris filecheck update command. Note that the update could include temporary files created after installation, which could cause errors if they are deleted. The update command should therefore only be used if necessary, and may require manual edits to /mgr/filecheck.isc.

Overriding Default Permission Checks

To override default permission checks, create entries in /mgr/filecheck_perm.isc (This file does not exist initially and must be created if needed). The system defaults as entries in /mgr/filecheck_perm.isc would look like this:

     ****rw-*** * irisusr DatabaseFile
     ****rwx*** * irisusr DatabaseDirectory
     ****rw-*** * irisusr JournalFile
     ****rwx*** * irisusr JournalDirectory

The use of asterisks in the strings for permissions and owners (and potentially groups) instructs filecheck to allow any values for those positions. Only the positions with explicit values (the group permissions in the examples) are checked.

Logging Errors in Machine-Readable Format

By default, errors are logged in text format. Users can use the optional format parameter to log errors in the following machine-readable CSV format:

<ErrorType>,<FileType>,<MismatchType>,<ExpectedString>,<CurrentString>,<FileName>
ErrorType
Mismatch
MismatchType Permitted values are Permission, Owner, or Group.
ExpectedString The permission, owner, or group string that is required.
CurrentString The actual current permission, owner, or group string.
Missing

The file is missing.

Error n

n is an error number.

FileType
t

Top directory (from filecheck.isc)
i

Installation directory (from filecheck.isc)
d

Database file or directory
s

Stream file or directory
j

Journal file or directory
w

WIJ file or directory
FileName

The complete file name or directory path.

For example, a machine-readable entry might look like this: 

Mismatch,i,Permission,-r--r--r-x,-r--r--r--,/usr/local/etc/irissys/CSP_options
Next sectionCreate System Performance Report
Previous sectionCheck SSH
FeedbackOpens in a new tab