Metadirectory namespace and method for use of the same

US 7,613,724 B1
Filed: 09/26/2007
Issued: 11/03/2009
Est. Priority Date: 07/09/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for accessing a file or directory at a storage system, the method comprising:

receiving a file access request for the file or directory;

determining, in response to receiving the file access request, whether the requested file or directory is accessible through a metadirectory namespace containing files and directories which are not visible to one or more co-existing user-accessible namespaces, wherein the metadirectory namespace stores protected files and directories and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces;

determining, in response to determining that the file or directory is accessible through the metadirectory namespace, whether an originator of the file access request is authorized to access the requested file or directory in the restricted-access metadirectory namespace; and

processing, in response to determining that the originator is authorized to access the file or directory, the received file access request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A metadirectory namespace is provided for storing files and directories “hidden” from one or more user-accessible namespaces. The metadirectory namespace is a separate, parallel namespace that coexists with other user-accessible namespaces in a storage operating system. Files and directories may be identified as being stored in a metadirectory based on their location or based on their associated flags. The metadirectory namespace may be selectively exported only to clients, users and applications given special file access permissions.

31 Citations

View as Search Results

26 Claims

1. A method for accessing a file or directory at a storage system, the method comprising:
- receiving a file access request for the file or directory;
  
  determining, in response to receiving the file access request, whether the requested file or directory is accessible through a metadirectory namespace containing files and directories which are not visible to one or more co-existing user-accessible namespaces, wherein the metadirectory namespace stores protected files and directories and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces;
  
  determining, in response to determining that the file or directory is accessible through the metadirectory namespace, whether an originator of the file access request is authorized to access the requested file or directory in the restricted-access metadirectory namespace; and
  
  processing, in response to determining that the originator is authorized to access the file or directory, the received file access request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising:
    - associating a flag with the requested file or directory, the value of the flag indicating whether the file or directory is accessible through the metadirectory namespace.
  - 3. The method according to claim 2, further comprising:
    - storing the flag in an inode corresponding to the requested file or directory.
  - 4. The method according to claim 2, further comprising:
    - storing the flag in an entry of a non-volatile memory, the entry corresponding to the received file access request.
  - 5. The method according to claim 1, wherein the requested file or directory is configuration information, system information, or support information.
  - 6. The method according to claim 1, wherein the metadirectory namespace is implemented by a file server comprising one or more storage volumes within a storage operating system.

7. A storage system, comprising:
- a processor;
  
  a network adapter configured to receive a file access request for a file or directory; and
  
  a memory configured to store one or more user-accessible namespaces and a metadirectory namespace, the metadirectory namespace containing protected files and directories which are not visible to users outside the storage system and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces, the memory being further configured to store instructions for execution by the processor for performing the steps of;
  
  determining whether the requested file or directory is accessible through the restricted-access metadirectory namespace;
  
  determining, in response to determining that the file or directory is accessible through the metadirectory namespace, whether an originator of the file access request is authorized to access the requested file or directory in the restricted-access metadirectory namespace; and
  
  processing, in response to determining that the originator is authorized to access the file or directory, the received file access request.
- View Dependent Claims (8, 9, 10)
- - 8. The storage system according to claim 7, wherein the memory further comprises instructions for:
    - associating a flag with the requested file or directory, the value of the flag indicating whether the file or directory is accessible through the metadirectory namespace.
  - 9. The storage system according to claim 8, wherein the memory further comprises instructions for:
    - storing the flag in an inode corresponding to the requested file or directory.
  - 10. The storage system according to claim 8, further comprising:
    - a non-volatile memory configured to store entries for file access requests received at the network adapter; and
      
      wherein the memory further comprises instructions for storing the flag in an entry of the non-volatile memory, the entry corresponding to the received file access request.

11. A method for accessing data structures, comprising:
- receiving an access request for a data structure;
  
  determining whether the requested data structure is stored in a separate metadirectory namespace that is independent of one or more user-accessible namespaces, wherein the metadirectory namespace stores protected data structures and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces; and
  
  in response to determining the requested data structure is stored in the metadirectory namespace, processing the access request upon determining an originator of the access request is permitted to access the requested data structure.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the one or more user-accessible namespaces and the metadirectory namespace each have separate root directory inodes.
  - 13. The method of claim 11, wherein the requested data structure is configuration information, system information or support information for one or more processes running in a storage operating system.
  - 14. The method of claim 11, wherein the metadirectory namespace is implemented by a file server comprising one or more storage volumes within a storage operating system.
  - 15. The method of claim 14, wherein each inode in the one or more storage volumes comprises at least one flag bit indicating whether the inode is included in the metadirectory namespace.
  - 16. The method of claim 11, wherein one or more flag bits are used to determine whether the requested data structure is stored in the metadirectory namespace.
  - 17. The method of claim 11, wherein a storage operating system associates separate libraries of function calls with the metadirectory namespace and the one or more user-accessible namespaces operable within the storage operating system.
  - 18. The method of claim 17, wherein the storage operating system determines the originator of the data structure access request is permitted to access a file or directory in the metadirectory namespace when the originator uses a file access call contained in the library of function calls associated with the metadirectory namespace.
  - 19. The method of claim 11, wherein the originator is a client, user, or application that is allowed to access the metadirectory namespace when given special access permissions.

20. A storage system, comprising:
- a processor;
  
  a network adapter configured to receive a access request for a data structure; and
  
  a memory configured to store one or more user-accessible namespaces and a metadirectory namespace, the metadirectory namespace containing protected data structures which are not visible to the one or more co-existent user-accessible namespaces and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces, the memory being further configured to store instructions for execution by the processor for performing the steps of;
  
  determining whether the requested data structure is accessible through the restricted-access metadirectory namespace;
  
  determining, in response to determining that the file or directory is accessible through the metadirectory namespace, whether an originator of the access request is authorized to access the requested data structure; and
  
  processing, in response to determining that the originator is authorized to access the data structure, the received access request.
- View Dependent Claims (21, 22)
- - 21. The system of claim 20, wherein the one or more user-accessible namespaces and the metadirectory namespace each have separate root directory inodes.
  - 22. The system of claim 20, wherein the requested data structure is configuration information, system information or support information for one or more processes running in a storage operating system.

23. A computer-readable storage medium containing executable program instructions executed by a processor, comprising:
- program instructions that receive an access request for a data structure;
  
  program instructions that determine whether the requested data structure is accessible through a metadirectory namespace which is separate from one or more user-accessible namespaces, wherein the metadirectory namespace stores protected data structures and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces;
  
  program instructions that determine, in response to determining that the requested data structure is accessible through the restricted-access metadirectory namespace, whether an requestor is authorized to access the data structure; and
  
  program instructions that access, in response to determining that the requestor is authorized, the requested data structure.
- View Dependent Claims (24, 25)
- - 24. The computer-readable storage medium of claim 23, wherein the one or more user-accessible namespaces and the metadirectory namespace each have separate root directory inodes.
  - 25. The computer-readable storage medium of claim 23, wherein the requested data structure is configuration information, system information or support information for one or more processes running in a storage operating system.

26. A method, comprising:
- receiving a first file access request for a file or a directory from a first client;
  
  determining, in response to receiving the first file access request, whether the requested file or directory is accessible through a metadirectory namespace containing files and directories which are not visible to one or more co-existing user-accessible namespaces, wherein the metadirectory namespace stores protected files and directories and the metadirectory namespace is a separate restricted-access hierarchical structure then the one or more user-accessible namespaces;
  
  determining, in response to determining that the file or directory is accessible through the metadirectory namespace, whether the first client is authorized to access the requested file or directory stored in the restricted-access metadirectory namespace;
  
  processing, in response to determining that the first client is authorized to access the file or directory, the first file access request;
  
  receiving a second file access request for a second file from a second client;
  
  determining the second file is stored with the metadirectory namespace; and
  
  restricting access to the second file in response to determining the second client is not authorized to access the metadirectory namespace.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Santry, Douglas J., Chen, Raymond C.
Primary Examiner(s)
AL HASHEMI, SANA A

Application Number

US11/861,863
Time in Patent Office

769 Days
Field of Search

707100-102, 707/104.1
US Class Current

1/1
CPC Class Codes

G06F 16/10   File systems; File servers

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99935   Query augmenting and refini...

Y10S 707/99936   Pattern matching access

Y10S 707/99942   Manipulating data structure...

Y10S 707/99943   Generating database or data...

Y10S 707/99945   Object-oriented database st...

Metadirectory namespace and method for use of the same

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Metadirectory namespace and method for use of the same

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links