 | | Mandatory file locks are provided by some versions of UNIX, including SVR4. When a mandatory lock is present on a file, the kernel causes any calls to creat, open, read, and write issued by processes other than the one with the lock to fail, returning the EAGAIN error. This is more secure, in the sense that even processes that are not aware that the file must be accessed with a lock cannot access the file out of turn. However, mandatory file locks are also dangerous. If a process that holds a lock on some critical system file goes into an infinite loop or otherwise fails to remove the lock, it can cause the entire system to hang or even crash. For this reason, it is usually advisable to use advisory locks whenever possible. Mandatory locks are enabled on a per-file basis by setting the set-group-id bit and clearing the group execute bit in the file's permission modes (see Chapter 5, Files and Directories). This implies that it is not possible to set a mandatory file lock on a directory or an executable program. | |
|