ASM metadata file number 10 is ASM user directory and ASM file number 11 is ASM group directory. These are supporting structures for ASM file access control feature.
ASM file access control can be used to restrict file access to specific ASM clients (typically databases), based on the operating system effective user identification number of a database home owner.
This information is externalized via V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.
ASM users and groups
To make use of ASM file access control feature, we need to have the operating system users and groups in place. We would then add them to ASM disk group(s) via ALTER DISKGROUP ADD USERGROUP command. I have skipped that part to keep the focus on ASM user and group directories.
Here are the operating system users set up on this system
uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1020(asmadmin),1021(asmdba),1031(dba)
$ id oracle
uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1021(asmdba),1031(dba)
$ id oracle1
uid=1102(oracle1) gid=1033(dba1) groups=1033(dba1)
$ id oracle2
uid=1103(oracle2) gid=1034(dba2) groups=1034(dba2)
And here are ASM users and groups I set up for my disk groups.
u.os_id “OS ID”,
u.os_name “OS user”,
u.user_number “ASM user#”,
g.usergroup_number “ASM group#”,
g.name “ASM user group”
FROM v$asm_user u, v$asm_usergroup g, v$asm_usergroup_member m
WHERE u.group_number=g.group_number and u.group_number=m.group_number
and u.user_number=m.member_number
and g.usergroup_number=m.usergroup_number
ORDER BY 1, 2;
Disk group# OS ID OS user ASM user# ASM group# ASM user group
———– —– ——- ——— ———- ————–
1 1100 grid 1 3 GRIDTEAM
1101 oracle 2 1 DBATEAM1
1102 oracle1 3 2 DBATEAM2
1103 oracle2 4 2 DBATEAM2
2 1101 oracle 2 1 DBATEAM1
Look inside
Get allocation units for ASM user and group directories in disk group number 1.
x.disk_kffxp “Disk#”,
x.xnum_kffxp “Extent”,
x.au_kffxp “AU”,
d.name “Disk name”
FROM x$kffxp x, v$asm_disk_stat d
WHERE x.group_kffxp=d.group_number
and x.disk_kffxp=d.disk_number
and d.group_number=1
and x.number_kffxp in (10, 11)
ORDER BY 1, 2;
File# Disk# Extent AU Disk name
———- ———- ———- ———- ——————————
10 0 0 2139 ASMDISK5
1 0 2139 ASMDISK6
11 0 0 2140 ASMDISK5
1 0 2140 ASMDISK6
The user directory metadata has one block per user entry, where the block number corresponds to the user number (v$asm_user.user_number). We have four users, with user numbers 1-4, so those should be in user directory blocks 1-4. Let’s have a look.
kfbh.endian: 1 ; 0x000: 0x01
kfbh.hard: 130 ; 0x001: 0x82
kfbh.type: 24 ; 0x002: KFBTYP_USERDIR
…
kfzude.user: 1100 ; 0x038: length=4
…
So block 1 is for user with the OS user ID 1100. This agrees with the output from v$asm_user above. For the other blocks we have:
$ while (( $b <= 4 ))
do
kfed read /dev/oracleasm/disks/ASMDISK5 aun=2139 blkn=$b | grep kfzude.user
let b=b+1
done
kfzude.user: 1100 ; 0x038: length=4
kfzude.user: 1101 ; 0x038: length=4
kfzude.user: 1102 ; 0x038: length=4
kfzude.user: 1103 ; 0x038: length=4
As expected that shows four operating user IDs in ASM user directory.
Group directory entries are also one per block, where the block number would match the ASM group number. Let’s have a look:
$ while (( $b <= 3 ))
do
kfed read /dev/oracleasm/disks/ASMDISK5 aun=2140 blkn=$b | grep kfzgde.name
let b=b+1
done
kfzgde.name: DBATEAM1 ; 0x03c: length=8
kfzgde.name: DBATEAM2 ; 0x03c: length=8
kfzgde.name: GRIDTEAM ; 0x03c: length=8
This shows ASM group names as specified for this disk group.
Conclusion
ASM user and group directories are supporting structures for ASM file access control feature, introduced in version 11.2. This information is externalized via V$ASM_USER, V$ASM_USERGROUP and V$ASM_USERGROUP_MEMBER views.
Comment