Chapter 14. File and Record Locking

One area which causes trouble for many network administrators is locking. The extent of the problem is readily evident from searches over the internet. -

Features and Benefits

Samba provides all the same locking semantics that MS Windows clients expect and that MS Windows NT4 / 200x servers provide also.

@@ -24,7 +23,7 @@ settings on the MS Windows client.

Note

Sometimes it is necessary to disable locking control settings BOTH on the Samba server as well as on each MS Windows client! -

Discussion

There are two types of locking which need to be performed by a SMB server. The first is record locking which allows a client to lock a range of bytes in a open file. The second is the deny modes @@ -63,7 +62,7 @@ access should be allowed simultaneously with its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS. -

Opportunistic Locking Overview

Opportunistic locking (Oplocks) is invoked by the Windows file system (as opposed to an API) via registry entries (on the server AND client) for the purpose of enhancing network performance when accessing a file @@ -84,8 +83,8 @@ other processes. The redirector sees that the file was opened with deny none (allowing concurrent access), verifies that no other process is accessing the file, checks that - oplocks are enabled, then grants deny-all/read-write/ex- - clusive access to the file. The client now performs + oplocks are enabled, then grants deny-all/read-write/exclusive + access to the file. The client now performs operations on the cached local file.

If a second process attempts to open the file, the open @@ -186,7 +185,7 @@ In mission critical high availability environments, careful attention should be given to opportunistic locking. Ideally, comprehensive testing should be done with all affected applications with oplocks enabled and disabled. -

Exclusively Accessed Shares

Opportunistic locking is most effective when it is confined to shares that are exclusively accessed by a single user, or by only one user at a time. Because the true value of opportunistic locking is the local @@ -195,7 +194,7 @@ mechanism will cause a delay.

Home directories are the most obvious examples of where the performance benefit of opportunistic locking can be safely realized. -

Multiple-Accessed Shares or Files

As each additional user accesses a file in a share with opportunistic locking enabled, the potential for delays and resulting perceived poor performance increases. When multiple users are accessing a file on a @@ -207,7 +206,7 @@ of the caching user. As each additional client attempts to access a file with oplocks set, the potential performance improvement is negated and eventually results in a performance bottleneck. -

Unix or NFS Client Accessed Files

Local Unix and NFS clients access files without a mandatory file locking mechanism. Thus, these client platforms are incapable of initiating an oplock break request from the server to a Windows client @@ -215,9 +214,9 @@ that has a file cached. Local Unix or NFS file access can therefore write to a file that has been cached by a Windows client, which exposes the file to likely data corruption.

-If files are shared between Windows clients, and either loca Unix +If files are shared between Windows clients, and either local Unix or NFS users, then turn opportunistic locking off. -

Slow and/or Unreliable Networks

The biggest potential performance improvement for opportunistic locking occurs when the client-side caching of reads and writes delivers the most differential over sending those reads and writes over the wire. @@ -232,7 +231,7 @@ the most advantageous scenario to utilize opportunistic locking. If the network is slow, unreliable, or a WAN, then do not configure opportunistic locking if there is any chance of multiple users regularly opening the same file. -

Multi-User Databases

Multi-user databases clearly pose a risk due to their very nature - they are typically heavily accessed by numerous users at random intervals. Placing a multi-user database on a share with opportunistic @@ -240,7 +239,7 @@ locking enabled will likely result in a locking management bottleneck on the Samba server. Whether the database application is developed in-house or a commercially available product, ensure that the share has opportunistic locking disabled. -

PDM Data Shares

Process Data Management (PDM) applications such as IMAN, Enovia, and Clearcase, are increasing in usage with Windows client platforms, and therefore SMB data stores. PDM applications manage multi-user @@ -253,7 +252,7 @@ application and PDM server to negotiate and maintain. It is appropriate to eliminate the client OS from any caching tasks, and the server from any oplock management, by disabling opportunistic locking on the share. -

Beware of Force User

Samba includes an smb.conf parameter called force user that changes the user accessing a share from the incoming user to whatever user is defined by the smb.conf variable. If opportunistic locking is enabled @@ -271,7 +270,7 @@ Avoid the combination of the following: Slow or unreliable networks

Opportunistic Locking Enabled -

Advanced Samba Opportunistic Locking Parameters

Samba provides opportunistic locking parameters that allow the administrator to adjust various properties of the oplock mechanism to account for timing and usage levels. These parameters provide good @@ -285,7 +284,7 @@ are required, then the better option is to simply turn oplocks off. The samba SWAT help text for both parameters reads "DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE." This is good advice. -

Mission Critical High Availability

In mission critical high availability environments, data integrity is often a priority. Complex and expensive configurations are implemented to ensure that if a client loses connectivity with a file server, a @@ -315,7 +314,7 @@ In mission critical high availability environments, careful attention should be given to opportunistic locking. Ideally, comprehensive testing should be done with all affected applications with oplocks enabled and disabled. -

Samba Opportunistic Locking Control

Opportunistic Locking is a unique Windows file locking feature. It is not really file locking, but is included in most discussions of Windows file locking, so is considered a defacto locking feature. @@ -339,7 +338,7 @@ synchronising the contents of the entire file back to the server for a single ch

Level1 Oplocks (aka just plain "oplocks") is another term for opportunistic locking.

-Level2 Oplocks provids opportunistic locking for a file that will be treated as +Level2 Oplocks provides opportunistic locking for a file that will be treated as read only. Typically this is used on files that are read-only or on files that the client has no initial intention to write to at time of opening the file.

@@ -352,7 +351,7 @@ Unless your system supports kernel oplocks, you should disable oplocks if you ar accessing the same files from both Unix/Linux and SMB clients. Regardless, oplocks should always be disabled if you are sharing a database file (e.g., Microsoft Access) between multiple clients, as any break the first client receives will affect synchronisation of -the entire file (not just the single record), which will result in a noticable performance +the entire file (not just the single record), which will result in a noticeable performance impairment and, more likely, problems accessing the database in the first place. Notably, Microsoft Outlook's personal folders (*.pst) react very badly to oplocks. If in doubt, disable oplocks and tune your system from that point. @@ -365,29 +364,29 @@ of your client sending oplock breaks and will instead want to disable oplocks fo

Another factor to consider is the perceived performance of file access. If oplocks provide no measurable speed benefit on your network, it might not be worth the hassle of dealing with them. -

Example Configuration

-In the following we examine two destinct aspects of samba locking controls. -

Disabling Oplocks

Example Configuration

+In the following we examine two distinct aspects of Samba locking controls. +

Disabling Oplocks

You can disable oplocks on a per-share basis with the following: -

+

+
 [acctdata]
 	oplocks = False
 	level2 oplocks = False
-

-
+

The default oplock type is Level1. Level2 Oplocks are enabled on a per-share basis in the smb.conf file.

Alternately, you could disable oplocks on a per-file basis within the share: -

 	veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/
-

If you are experiencing problems with oplocks as apparent from Samba's log entries, you may want to play it safe and disable oplocks and level2 oplocks. -

Disabling Kernel OpLocks

Kernel OpLocks is an smb.conf parameter that notifies Samba (if the UNIX kernel has the capability to send a Windows client an oplock break) when a UNIX process is attempting to open the file that is @@ -399,13 +398,13 @@ to the risk of data corruption. If the UNIX kernel has the ability to send an oplock break, then the kernel oplocks parameter enables Samba to send the oplock break. Kernel oplocks are enabled on a per-server basis in the smb.conf file. -

+

+
 [global]
 kernel oplocks = yes
-

+

The default is "no". -

Veto OpLocks is an smb.conf parameter that identifies specific files for which Oplocks are disabled. When a Windows client opens a file that has been configured for veto oplocks, the client will not be granted @@ -417,26 +416,26 @@ allow Windows clients to utilize the performance benefit of file caching without the risk of data corruption. Veto Oplocks can be enabled on a per-share basis, or globally for the entire server, in the smb.conf file: -

<title>Example Veto OpLock Settings</title>
+

+
<title>Example Veto OpLock Settings</title>
 [global]
         veto oplock files = /filename.htm/*.txt/
 
 [share_name]
         veto oplock files = /*.exe/filename.ext/
-

-
+

Oplock break wait time is an smb.conf parameter that adjusts the time interval for Samba to reply to an oplock break request. Samba recommends "DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE." Oplock Break Wait Time can only be configured globally in the smb.conf file: -

+

+
 [global]
           oplock break wait time =  0 (default)
-

-
+

Oplock break contention limit is an smb.conf parameter that limits the response of the Samba server to grant an oplock if the configured number of contending clients reaches the limit specified by the @@ -444,15 +443,15 @@ parameter. Samba recommends "DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE." Oplock Break Contention Limit can be enable on a per-share basis, or globally for the entire server, in the smb.conf file: -

+

+
 [global]
           oplock break contention limit =  2 (default)
 
 [share_name]
          oplock break contention limit =  2 (default)
-

-

MS Windows Opportunistic Locking and Caching Controls

You can also deny the granting of opportunistic locks by changing the following registry entries: -

@@ -544,7 +543,7 @@ An illustration of how level II oplocks work: station holds any oplock on the file. Because the workstations can have no cached writes or locks at this point, they need not respond to the break-to-none advisory; all they need do is invalidate locally cashed read-ahead data. -