【转】ASM files number 10 and 11

10ASM metadata file number 10 is ASM user directory and ASM file number 11 is ASM group directory. These are supporting structures for ASM file access control feature.

ASM file access control can be used to restrict file access to specific ASM clients (typically databases), based on the operating system effective user identification number of a database home owner.

This information is externalized via V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.

ASM users and groups

To make use of ASM file access control feature, we need to have the operating system users and groups in place. We would then add them to ASM disk group(s) via ALTER DISKGROUP ADD USERGROUP command. I have skipped that part to keep the focus on ASM user and group directories.

Here are the operating system users set up on this system

$ id grid
uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1020(asmadmin),1021(asmdba),1031(dba)
$ id oracle
uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1021(asmdba),1031(dba)
$ id oracle1
uid=1102(oracle1) gid=1033(dba1) groups=1033(dba1)
$ id oracle2
uid=1103(oracle2) gid=1034(dba2) groups=1034(dba2)

And here are ASM users and groups I set up for my disk groups.

SQL> SELECT u.group_number “Disk group#”,
u.os_id “OS ID”,
u.os_name “OS user”,
u.user_number “ASM user#”,
g.usergroup_number “ASM group#”,
g.name “ASM user group”
FROM v$asm_user u, v$asm_usergroup g, v$asm_usergroup_member m
WHERE u.group_number=g.group_number and u.group_number=m.group_number
and u.user_number=m.member_number
and g.usergroup_number=m.usergroup_number
ORDER BY 1, 2;

Disk group# OS ID OS user ASM user# ASM group# ASM user group
———– —– ——- ——— ———- ————–
1 1100  grid            1          3 GRIDTEAM
1101  oracle          2          1 DBATEAM1
1102  oracle1         3          2 DBATEAM2
1103  oracle2         4          2 DBATEAM2
2 1101  oracle          2          1 DBATEAM1

Look inside 

Get allocation units for ASM user and group directories in disk group number 1.

SQL> SELECT x.number_kffxp “File#”,
x.disk_kffxp “Disk#”,
x.xnum_kffxp “Extent”,
x.au_kffxp “AU”,
d.name “Disk name”
FROM x$kffxp x, v$asm_disk_stat d
WHERE x.group_kffxp=d.group_number
and x.disk_kffxp=d.disk_number
and d.group_number=1
and x.number_kffxp in (10, 11)
ORDER BY 1, 2;

File#      Disk#     Extent         AU Disk name
———- ———- ———- ———- ——————————
10          0          0       2139 ASMDISK5
1          0       2139 ASMDISK6
11          0          0       2140 ASMDISK5
1          0       2140 ASMDISK6

The user directory metadata has one block per user entry, where the block number corresponds to the user number (v$asm_user.user_number). We have four users, with user numbers 1-4, so those should be in user directory blocks 1-4. Let’s have a look.

$ kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn=1 | more
kfbh.endian:                          1 ; 0x000: 0x01
kfbh.hard:                          130 ; 0x001: 0x82
kfbh.type:                           24 ; 0x002: KFBTYP_USERDIR

kfzude.user:                       1100 ; 0x038: length=4

So block 1 is for user with the OS user ID 1100. This agrees with the output from v$asm_user above. For the other blocks we have:

$ let b=1
$ while (( $b <= 4 ))
do
kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn=$b | grep kfzude.user
let b=b+1
done

kfzude.user:                       1100 ; 0x038: length=4
kfzude.user:                       1101 ; 0x038: length=4
kfzude.user:                       1102 ; 0x038: length=4
kfzude.user:                       1103 ; 0x038: length=4

As expected that shows four operating user IDs in ASM user directory.

Group directory entries are also one per block, where the block number would match the ASM group number. Let’s have a look:

$ let b=1
$ while (( $b <= 3 ))
do
kfed read /dev/oracleasm/disks/ASMDISK5 aun=2140 blkn=$b | grep kfzgde.name
let b=b+1
done

kfzgde.name:                   DBATEAM1 ; 0x03c: length=8
kfzgde.name:                   DBATEAM2 ; 0x03c: length=8
kfzgde.name:                   GRIDTEAM ; 0x03c: length=8

This shows ASM group names as specified for this disk group.

Conclusion

ASM user and group directories are supporting structures for ASM file access control feature, introduced in version 11.2. This information is externalized via V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *