Manual Pages

Table of Contents


na_snaplock - compliance related operations.


snaplock command argument ...


The snaplock command manages compliance related functionality on the system. A volume created using the vol command (see na_vol(1)) is a snaplock volume when either the enterprise or compliance option is chosen. Enterprise and compliance SnapLock volumes allow different levels of security assurance.

Snaplock compliance volumes may additionally be used as compliant log volumes for operations performed on any SnapLock volume or system.

SnapLock enterprise volumes may allow audited file deletions before the expiration of file retention dates. This privileged delete capability may be enabled on a per volume basis when secure logging is properly configured.


The following commands are available under snaplock:

  privdel     log      options

snaplock privdel [ -f ] path

Allows the deletion of retained files on SnapLock enterprise volumes before the expiration date of the file specified by path. The -f flag allows the command to proceed without interactive confirmation from the user.

For this command to succeed the user must be accessing the filer over a secure connection and must be a member of the Compliance Administrators group (see na_useradmin(1))

This command is not available on SnapLock compliance volumes.

snaplock log
volume [ -f ] [ vol ]
archive vol [ basename ]
status vol [ basename ]

The volume command sets the SnapLock log volume to vol if the volume vol is online and is a SnapLock Compliance volume. The active SnapLock log files on the previous log volume (if there was one) will be archived. New SnapLock log will be initialized on the new volume vol. If the volume vol is not specified then the command displays the current SnapLock log volume.

SnapLock log file archival normally happens whenever the size of a log reaches the maximum size specified by the snaplock.log.maximum_size option (see na_options(1)). The archive command forces active SnapLock log file to be archived and replaces them with new log files. If the basename parameter is given, the active SnapLock log file with that base name will be archived and replaced. Otherwise, all active SnapLock log files on log files on volume vol will be archived and replaced.

The status command reports the status of the active SnapLock log files on volume vol.

snaplock options [ -f ] vol privdel [ on | off | disallowed ]

The options privdel command sets or reports the state of the privileged delete option on a SnapLock enterprise volume. The -f flag is required to be able to set the state to disallowed to prevent operator error. The -f flag is ignored if it is used to set the option to any other state.

The valid states are:

Not initialized: No state has yet been specified for this volume and no privileged deletions will be allowed on the volume.

on: The feature is turned on and deletions are allowed.

off: The feature is turned off and no privileged delete operations will be allowed. The feature may be turned on in future.

disallowed: The feature has been disabled for this volume and can never be turned on for this volume.


snaplock command is not available via vfiler contexts. snaplock command works only on the volumes completely owned by the default vfiler vfiler0. A user can designate a SnapLock compliance volume as the SnapLock log volume if it is completely owned by the default vfiler. A user is not allowed to move any storage resource on an active SnapLock log volume from the default vfiler. In addition, a user can turn on SnapLock privilege delete option if SnapLock enterprise volume is completely owned by the default vfiler. A user is not allowed to move any storage resource from SnapLock enterprise volume that has privilege delete option turned on.


snaplock privdel -f /vol/slevol/myfile

Deletes the file myfile on the enterprise volume slevol. The user must have sufficient privileges and must have initiated the command over a secure connection to the filer for the command to succeed.

snaplock log volume

Prints out the value of system compliance log volume name if it has been initialized. An uninitialzed SnapLock log volume will be reported as not set.

snaplock log volume logvol

Sets the SnapLock log volume to logvol.

snaplock log volume -f logvol

Sets the SnapLock log volume to logvol and ignores any errors encountered during SnapLock log volume change.

snaplock log status logvol

Prints log status for all the active SnapLock log files on volume logvol.

snaplock log status logvol priv_delete

Prints the status for the active SnapLock log file priv_delete on volume logvol.

snaplock options -f slevol privdel on

Turn on the privileged delete feature on enterprise volume slevol without asking for confirmation.


na_vol (1), na_options (1), na_useradmin (1).

Table of Contents