Manual Pages
na_snaplock - compliance related operations.
snaplock command argument ...
The snaplock command manages compliance related functionality
on the system. A volume created using the vol command
(see na_vol(1)) is a SnapLock volume when either the
enterprise or compliance option is chosen. Enterprise and
compliance SnapLock volumes allow different levels of
security assurance.
SnapLock compliance volumes may additionally be used as
compliant log volumes for operations performed on any
SnapLock volume or system.
SnapLock enterprise volumes may allow audited file deletions
before the expiration of file retention dates. This
privileged delete capability may be enabled on a per volume
basis when secure logging is properly configured.
The following commands are available under snaplock:
privdel  log  options
snaplock privdel [ -f ] path
Allows the deletion of retained files on SnapLock
enterprise volumes before the expiration date of
the file specified by path. The -f flag allows the
command to proceed without interactive confirmation
from the user.
For this command to succeed the user must be
accessing the filer over a secure connection and
must be a member of the Compliance Administrators
group (see na_useradmin(1)).
This command is not available on SnapLock compliance
volumes.
snaplock log
volume [ -f ] [ vol ]
archive vol [ basename ]
status vol [ basename ]
The volume command sets the SnapLock log volume to
vol if the volume vol is online and is a SnapLock
Compliance volume. The active SnapLock log files on
the previous log volume (if there was one) will be
archived. New SnapLock log files will be initialized on
the new volume vol. If the volume vol is not specified
then the command displays the current SnapLock
log volume.
SnapLock log file archival normally happens whenever
the size of a log reaches the maximum size
specified by the snaplock.log.maximum_size option
(see na_options(1)). The archive command forces the
active SnapLock log files to be archived and
replaces them with new log files. If the basename
parameter is given, the active SnapLock log file
with that base name will be archived and replaced.
Otherwise, all active SnapLock log files on
volume vol will be archived and replaced.
The status command reports the status of the active
SnapLock log files on volume vol.
snaplock options [ -f ] vol privdel [ on | off | disallowed ]
The options privdel command sets or reports the
state of the privileged delete option on a SnapLock
enterprise volume. To prevent operator error, the -f
flag is required to set the state to disallowed.
The -f flag is ignored if it is used to set the
option to any other state.
The valid states are:
Not initialized: No state has yet been specified
for this volume and no privileged deletions will be
allowed on the volume.
on: The feature is turned on and deletions are
allowed.
off: The feature is turned off and no privileged
delete operations will be allowed. The feature may
be turned on in future.
disallowed: The feature has been disabled for this
volume and can never be turned on for this volume.
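The privdel rules above (the four option states, the -f requirement for disallowed, and the preconditions for snaplock privdel) modelled in Python as an added example; this is not NetApp code. The Volume class, the function names and the log_volume parameter are hypothetical, and rejecting every change away from disallowed (off as well as on) is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Volume:
    name: str
    kind: str                          # "enterprise" or "compliance"
    privdel: str = "not initialized"   # state before any option is set

def set_privdel(vol, new_state, force=False, log_volume=None):
    """Model of 'snaplock options [-f] vol privdel <state>'. Returns (ok, reason)."""
    if vol.kind != "enterprise":
        return False, "privdel option applies to SnapLock enterprise volumes only"
    if new_state not in ("on", "off", "disallowed"):
        return False, "invalid state"
    if vol.privdel == "disallowed" and new_state != "disallowed":
        # Page: disallowed can never be turned on. Assumption: 'off' is rejected too.
        return False, "volume is permanently disallowed"
    if new_state == "disallowed" and not force:
        return False, "-f is required to set disallowed"
    if new_state == "on" and log_volume is None:
        # Page: privileged delete needs secure logging to be configured.
        return False, "no SnapLock log volume configured"
    vol.privdel = new_state            # -f is ignored for 'on' and 'off'
    return True, "ok"

def may_privdel(vol, secure_connection, groups):
    """Model of the preconditions for 'snaplock privdel path'. Returns (ok, reason)."""
    if vol.kind != "enterprise":
        return False, "not available on SnapLock compliance volumes"
    if vol.privdel != "on":
        return False, "privileged delete state is '%s'" % vol.privdel
    if not secure_connection:
        return False, "secure connection to the filer required"
    if "Compliance Administrators" not in groups:
        return False, "user is not a Compliance Administrator"
    return True, "ok"

if __name__ == "__main__":
    # Constructed walk-through using the volume names from the EXAMPLES text.
    slevol = Volume("slevol", "enterprise")
    admins = {"Compliance Administrators"}
    print(may_privdel(slevol, True, admins))               # not initialized: denied
    print(set_privdel(slevol, "on", log_volume="logvol"))
    print(may_privdel(slevol, True, admins))               # allowed
    print(set_privdel(slevol, "disallowed"))               # denied without -f
    print(set_privdel(slevol, "disallowed", force=True))
    print(set_privdel(slevol, "on", log_volume="logvol"))  # denied: permanent
```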
The snaplock command is not available via vfiler contexts.
The snaplock command works only on volumes completely
owned by the default vfiler, vfiler0. A user can designate
a SnapLock compliance volume as the SnapLock log volume if
it is completely owned by the default vfiler. A user is
not allowed to move any storage resource on an active
SnapLock log volume from the default vfiler. In addition,
a user can turn on the SnapLock privileged delete option if
the SnapLock enterprise volume is completely owned by the
default vfiler. A user is not allowed to move any storage
resource from a SnapLock enterprise volume that has the
privileged delete option turned on.
snaplock privdel -f /vol/slevol/myfile
Deletes the file myfile on the enterprise volume
slevol. The user must have sufficient privileges
and must have initiated the command over a secure
connection to the filer for the command to succeed.
snaplock log volume
Prints the name of the system compliance log volume
if it has been initialized. An uninitialized
SnapLock log volume will be reported as not
set.
snaplock log volume logvol
Sets the SnapLock log volume to logvol.
snaplock log volume -f logvol
Sets the SnapLock log volume to logvol and ignores
any errors encountered during SnapLock log volume
change.
snaplock log status logvol
Prints log status for all the active SnapLock log
files on volume logvol.
snaplock log status logvol priv_delete
Prints the status for the active SnapLock log file
priv_delete on volume logvol.
snaplock options -f slevol privdel on
Turns on the privileged delete feature on enterprise
volume slevol without asking for confirmation.
na_vol(1), na_options(1), na_useradmin(1).