Nonstop Database, HiRDB Version 9 Installation and Design Guide


2.3.7 Preparing to create the HiRDB file system area

This section describes tasks you must do before you create a HiRDB file system area, procedures for creating a HiRDB file system area, and Hitachi's approach to access permissions for HiRDB file system areas.

Organization of this subsection
(1) Creating a HiRDB file system area in an ordinary file
(2) Creating a HiRDB file system area in a character special file or block special file
(3) HiRDB file system area access permissions

(1) Creating a HiRDB file system area in an ordinary file

The following figure illustrates the procedure for creating a HiRDB file system area in an ordinary file.

Figure 2-1 Creating a HiRDB file system area in an ordinary file

[Figure]

(a) Preparations

Executor: Superuser

Do the following:

See the OS documentation for instructions on performing these tasks.

(b) Creating a HiRDB file system area

Executor: HiRDB administrator

Execute the pdfmkfs command to create a HiRDB file system area in the UNIX file system area. The file mode initial value is 660 (octal).

(c) Setting access permissions

Executor: HiRDB administrator

To prevent unauthorized access by users lacking permission, change the file mode of the created HiRDB file system area.

Change the file mode using the umask or chmod command. Execute the umask command prior to creating the HiRDB file system area, and the chmod command after creating the HiRDB file system area.

See the OS documentation for details about these commands.

For details about access restrictions, see (3) HiRDB file system area access permissions.

(d) Setting up symbolic links

Executor: HiRDB administrator

As the name of the HiRDB file system area, we recommend using a symbolic link created with the OS's ln command that points to the actual name, rather than using the actual name of the ordinary file itself.

See the OS documentation for details about the ln command.

(2) Creating a HiRDB file system area in a character special file or block special file

The procedure to create a HiRDB file system area in a character special file or block special file is shown in the following figure.

Figure 2-2 Procedure to create a HiRDB file system area in a character special file or block special file

[Figure]

(a) Preparations

Executor: Superuser

Do the following:

See the OS documentation for instructions on performing these tasks.

(b) Creating a character special file or block special file

Executor: Superuser

Create a character special file or block special file and set its mode.

Creating a file

- Character special file
Execute the mknod command to create a character special file for a disk partition.
For Linux 5 and later, create the file using a method other than the mknod command.
The following table shows how to create character special files in each OS. For details about the commands and functions, see the OS documentation.

Table 2-6 Creating character special files

| OS | Disk partition | Creation method | Notes |
|---|---|---|---|
| Linux 5 or later | LV | Execute the raw command. | To enable the disk partition, execute the raw command after the LV is recognized. To enable the disk partition, execute the raw command again when the OS restarts. To have the raw command executed automatically when the OS restarts, specify the raw command in /etc/rc.local. |
| Linux 5 or later | Non-LV | Use the udev function. | Create a rule file for the udev function that defines the character special file, and place it in a suitable location. |
| Other operating systems | All types | Execute the mknod command. | None |

- Block special file
Use a disk partition as a block special file by using OS commands (fdisk, parted, or mknod).
For details about the commands and functions, see the OS documentation.

Setting the mode
Set the mode of the created character special file or block special file as follows:

| Owner, access permissions | | Information to be set |
|---|---|---|
| Owner | User ID | HiRDB administrator |
| Owner | Group ID | Group ID of the HiRDB administrator |
| Access permissions | Owner | rw (can read/write) |
| Access permissions | Group | rw (can read/write) |
| Access permissions | Other | -- (cannot access) |

(c) Setting access permissions

Executor: Superuser

To prevent access by unauthorized users, change the file mode of the created character special file or block special file.

Change the file mode using the umask or chmod command. Execute the umask command prior to creating the character special file or block special file and the chmod command after creating the file.

See the OS documentation for details about these commands.

In addition, on Linux 6 or later, separate configuration of udev is required, because in the normal configuration the HiRDB administrator cannot be given access privileges to the block special file. For details about configuring udev, see the OS documentation.

For details about access restrictions, see (3) HiRDB file system area access permissions.

(d) Creating a HiRDB file system area

Executor: HiRDB administrator

Execute the pdfmkfs command to create a HiRDB file system area in a character special file or block special file.

(e) Setting up symbolic links

Executor: HiRDB administrator

As the name of the HiRDB file system area, we recommend using a symbolic link created with the OS's ln command that points to the actual name, rather than using the actual name of the character special file or block special file itself.

See the OS documentation for details about the ln command.

(3) HiRDB file system area access permissions

This subsection describes Hitachi's approach to setting HiRDB file system area access permissions.

(a) Approach to set values

For greater security, we recommend that you establish for HiRDB a user group that has the same group ID on the OS as the HiRDB administrator, and that you restrict access by users outside that group. Hitachi also recommends granting read/write access permissions for the HiRDB file system area only to the area owner and the group.

For example, in a multi-HiRDB configuration, you can divide up access by HiRDB by setting up groups for each HiRDB. This can prevent unintended access to other HiRDBs.

For details about HiRDB groups, see 2.1.3 Setting up a HiRDB group.

(b) Changing access permissions

Notes on changing HiRDB file system area file modes are given below for each access permissions setting.

| Access permissions setting (octal notation) | Description and notes |
|---|---|
| 660 | Recommended value. |
| 640 | Eliminates update permissions for users that have the same group ID as the HiRDB administrator. Operating commands, utilities and the like that allow execution by users other than the HiRDB administrator might not always be executable with user permissions other than those of the HiRDB administrator. |
| 600 | Only the HiRDB administrator has access permissions. Operating commands, utilities and the like that allow execution by users other than the HiRDB administrator might not always be executable with user permissions other than those of the HiRDB administrator. |
| Other | No change. |

(c) umask settings

When changing the file mode of the HiRDB file system area, character special file, or block special file, set umask using the explanation in (b) as a guide.

The initial value for file mode of the HiRDB file system area created by the pdfmkfs command grants the owner and group read/write permissions (660 in octal notation). For details about the initial file mode values of character special files or block special files created by the OS's mknod command, see the OS documentation.
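
The following shell script is an added example, not part of the Hitachi manual: it walks through the umask, chmod and ln order from (1)(c) and (1)(d) on a stand-in file, then checks the result against the modes in (b) and the owner and group settings in (2)(b). It assumes GNU coreutils stat on Linux; the names area01 and area01.real, the numeric ID arguments, and the policy of failing any mode other than 660, 640 or 600 are assumptions of the example, and pdfmkfs itself is not invoked.

```shell
#!/bin/sh
# Added example, not Hitachi code. Assumes GNU coreutils stat (Linux).

# make_standin_area DIR: an ordinary file standing in for what pdfmkfs
# creates (pdfmkfs itself is not invoked). Prints the symbolic-link name.
make_standin_area() {
    dir=$1
    ( umask 007; : > "$dir/area01.real" )  # umask first; subshell keeps it local
    chmod 660 "$dir/area01.real"           # chmod after creation
    ln -s "$dir/area01.real" "$dir/area01" # name handed to HiRDB
    echo "$dir/area01"
}

# check_area PATH ADMIN_UID ADMIN_GID
# Returns 0 for 660, 1 for 640/600 (listed, with caveats), 2 for anything else.
check_area() {
    path=$1 want_uid=$2 want_gid=$3
    # -L follows the symbolic link to the real file or special file.
    info=$(stat -L -c '%a %u %g %F' -- "$path" 2>/dev/null) || {
        echo "FAIL $path: cannot stat"; return 2; }
    set -- $info
    mode=$1 uid=$2 gid=$3; shift 3; ftype=$*
    case $ftype in
        regular*file|"character special file"|"block special file") ;;
        *) echo "FAIL $path: unexpected type '$ftype'"; return 2 ;;
    esac
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL $path: owner $uid:$gid, expected $want_uid:$want_gid"; return 2
    fi
    case $mode in
        660)     echo "OK   $path: 660 (recommended)"; return 0 ;;
        640|600) echo "NOTE $path: $mode, commands run by non-administrators may fail"
                 return 1 ;;
        *[1-7])  echo "FAIL $path: mode $mode grants access to other users"; return 2 ;;
        *)       echo "FAIL $path: mode $mode is not 660, 640 or 600"; return 2 ;;
    esac
}

# Demonstration on a constructed temporary directory.
tmp=$(mktemp -d)
area=$(make_standin_area "$tmp")
check_area "$area" "$(id -u)" "$(id -g)"
rm -rf "$tmp"
```

To audit a real area, call check_area with the area's link name and the numeric user ID and group ID of the HiRDB administrator; a return value of 2 means the owner, group, file type or mode differs from what this section describes.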

(d) Access permissions for HiRDB files

The OS access permissions described above take effect for the HiRDB file system area, but OS access permissions do not take effect for the individual HiRDB files, and HiRDB cannot control access permissions for HiRDB files. Accordingly, to restrict access to individual HiRDB files, divide the HiRDB file system area and change the access permissions for each individual HiRDB file system area.