January 10, 2012

ASM files number 10 and 11


ASM metadata file number 10 is the ASM user directory and ASM file number 11 is the ASM group directory. These are supporting structures for the ASM file access control feature.

ASM file access control can be used to restrict file access to specific ASM clients (typically databases), based on the operating system effective user identification number of a database home owner.

This information is externalized via V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.

ASM users and groups

To make use of the ASM file access control feature, we need to have the operating system users and groups in place. We would then add them to ASM disk group(s) via the ALTER DISKGROUP ADD USERGROUP command. I have skipped that part to keep the focus on ASM user and group directories.

Here are the operating system users set up on this system:

$ id grid
uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1020(asmadmin),1021(asmdba),1031(dba)
$ id oracle
uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1021(asmdba),1031(dba)
$ id oracle1
uid=1102(oracle1) gid=1033(dba1) groups=1033(dba1)
$ id oracle2
uid=1103(oracle2) gid=1034(dba2) groups=1034(dba2)

And here are ASM users and groups I set up for my disk groups.

SQL> SELECT u.group_number "Disk group#",
 u.os_id "OS ID",
 u.os_name "OS user",
 u.user_number "ASM user#",
 g.usergroup_number "ASM group#",
 g.name "ASM user group"
FROM v$asm_user u, v$asm_usergroup g, v$asm_usergroup_member m
WHERE u.group_number=g.group_number and u.group_number=m.group_number
 and u.user_number=m.member_number
 and g.usergroup_number=m.usergroup_number
ORDER BY 1, 2;

Disk group# OS ID OS user ASM user# ASM group# ASM user group
----------- ----- ------- --------- ---------- --------------
          1 1100  grid            1          3 GRIDTEAM
            1101  oracle          2          1 DBATEAM1
            1102  oracle1         3          2 DBATEAM2
            1103  oracle2         4          2 DBATEAM2
          2 1101  oracle          2          1 DBATEAM1

Look inside

Get allocation units for ASM user and group directories in disk group number 1.

SQL> SELECT x.number_kffxp "File#",
 x.disk_kffxp "Disk#",
 x.xnum_kffxp "Extent",
 x.au_kffxp "AU",
 d.name "Disk name"
FROM x$kffxp x, v$asm_disk_stat d
WHERE x.group_kffxp=d.group_number
 and x.disk_kffxp=d.disk_number
 and d.group_number=1
 and x.number_kffxp in (10, 11)
ORDER BY 1, 2;

     File#      Disk#     Extent         AU Disk name
---------- ---------- ---------- ---------- ------------------------------
        10          0          0       2139 ASMDISK5
                    1          0       2139 ASMDISK6
        11          0          0       2140 ASMDISK5
                    1          0       2140 ASMDISK6

The user directory metadata has one block per user entry, where the block number corresponds to the user number (v$asm_user.user_number). We have four users, with user numbers 1-4, so those should be in user directory blocks 1-4. Let's have a look.

$ kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn=1 | more
kfbh.endian:                          1 ; 0x000: 0x01
kfbh.hard:                          130 ; 0x001: 0x82
kfbh.type:                           24 ; 0x002: KFBTYP_USERDIR
...
kfzude.user:                       1100 ; 0x038: length=4
...

So block 1 is for the user with the OS user ID 1100. This agrees with the output from v$asm_user above. For the other blocks we have:

$ let b=1
$ while (( $b <= 4 ))
 do
 kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn=$b | grep kfzude.user
 let b=b+1
 done

kfzude.user:                       1100 ; 0x038: length=4
kfzude.user:                       1101 ; 0x038: length=4
kfzude.user:                       1102 ; 0x038: length=4
kfzude.user:                       1103 ; 0x038: length=4

As expected, that shows four operating system user IDs in the ASM user directory.
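
The same comparison can be scripted so that every user directory block is checked against the user number and OS ID pairs from V$ASM_USER. This is an added example, not part of the original post: the function names are hypothetical, and sample_reader is a constructed stand-in for kfed that reproduces the four blocks shown above so the script runs without an ASM disk.

```shell
#!/usr/bin/env bash
# Added example: compare ASM user directory blocks with V$ASM_USER rows.

# Print the value of one kfed field, e.g. "kfzude.user", from a dump on stdin.
kfed_field() {
  awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Print the symbolic block type, the last word of the kfbh.type line.
kfed_type() {
  awk '$1 == "kfbh.type:" { print $NF; exit }'
}

# Reader for a live system, using the disk and AU found on the page.
kfed_reader() {
  kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn="$1"
}

# Constructed reader for offline runs: mimics blocks 1-4 from the page,
# where block N holds OS ID 1099+N.
sample_reader() {
  printf 'kfbh.type:   24 ; 0x002: KFBTYP_USERDIR\n'
  printf 'kfzude.user: %s ; 0x038: length=4\n' "$((1099 + $1))"
}

# check_userdir READER
# stdin: "user_number os_id" lines taken from V$ASM_USER.
# Prints one line per disagreement and returns non-zero if there was any.
check_userdir() {
  reader=$1 rc=0
  while read -r num os_id; do
    dump=$("$reader" "$num")
    btype=$(printf '%s\n' "$dump" | kfed_type)
    got=$(printf '%s\n' "$dump" | kfed_field kfzude.user)
    if [ "$btype" != "KFBTYP_USERDIR" ]; then
      echo "block $num: unexpected type ${btype:-none}"; rc=1
    elif [ "$got" != "$os_id" ]; then
      echo "block $num: directory has OS ID ${got:-none}, view has $os_id"; rc=1
    fi
  done
  return "$rc"
}

# Demo on the constructed sample; swap in kfed_reader on a real ASM host.
printf '1 1100\n2 1101\n3 1102\n4 1103\n' | check_userdir sample_reader \
  && echo "user directory agrees with the view"
```
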

Group directory entries are also one per block, where the block number would match the ASM group number. Let's have a look:

$ let b=1
$ while (( $b <= 3 ))
 do
 kfed read /dev/oracleasm/disks/ASMDISK5 aun=2140 blkn=$b | grep kfzgde.name
 let b=b+1
 done

kfzgde.name:                   DBATEAM1 ; 0x03c: length=8
kfzgde.name:                   DBATEAM2 ; 0x03c: length=8
kfzgde.name:                   GRIDTEAM ; 0x03c: length=8

This shows ASM group names as specified for this disk group.

Conclusion

ASM user and group directories are supporting structures for the ASM file access control feature, introduced in version 11.2. This information is externalized via the V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.
