1<?xml version="1.0" encoding="UTF-8" standalone="no"?> 2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3<html xmlns="http://www.w3.org/1999/xhtml"> 4 <head> 5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 6 <title>Chapter 2. Enabling Transactions</title> 7 <link rel="stylesheet" href="gettingStarted.css" type="text/css" /> 8 <meta name="generator" content="DocBook XSL Stylesheets V1.62.4" /> 9 <link rel="home" href="index.html" title="Getting Started with Berkeley DB Transaction Processing" /> 10 <link rel="up" href="index.html" title="Getting Started with Berkeley DB Transaction Processing" /> 11 <link rel="previous" href="perftune-intro.html" title="Performance Tuning" /> 12 <link rel="next" href="envopen.html" title="Opening a Transactional Environment and Store or Database " /> 13 </head> 14 <body> 15 <div class="navheader"> 16 <table width="100%" summary="Navigation header"> 17 <tr> 18 <th colspan="3" align="center">Chapter 2. Enabling Transactions</th> 19 </tr> 20 <tr> 21 <td width="20%" align="left"><a accesskey="p" href="perftune-intro.html">Prev</a> </td> 22 <th width="60%" align="center"> </th> 23 <td width="20%" align="right"> <a accesskey="n" href="envopen.html">Next</a></td> 24 </tr> 25 </table> 26 <hr /> 27 </div> 28 <div class="chapter" lang="en" xml:lang="en"> 29 <div class="titlepage"> 30 <div> 31 <div> 32 <h2 class="title"><a id="enabletxn"></a>Chapter 2. Enabling Transactions</h2> 33 </div> 34 </div> 35 <div></div> 36 </div> 37 <div class="toc"> 38 <p> 39 <b>Table of Contents</b> 40 </p> 41 <dl> 42 <dt> 43 <span class="sect1"> 44 <a href="enabletxn.html#environments">Environments</a> 45 </span> 46 </dt> 47 <dd> 48 <dl> 49 <dt> 50 <span class="sect2"> 51 <a href="enabletxn.html#filenaming">File Naming</a> 52 </span> 53 </dt> 54 <dt> 55 <span class="sect2"> 56 <a href="enabletxn.html#errorsupport">Error Support</a> 57 </span> 58 </dt> 59 <dt> 60 <span class="sect2"> 61 <a href="enabletxn.html#sharedmemory">Shared Memory Regions</a> 62 </span> 63 </dt> 64 <dt> 65 <span class="sect2"> 66 <a href="enabletxn.html#security">Security Considerations</a> 67 </span> 68 </dt> 69 </dl> 70 </dd> 71 <dt> 72 <span class="sect1"> 73 <a href="envopen.html">Opening a Transactional Environment and 74 75 Store or Database 76 77 </a> 78 </span> 79 </dt> 80 </dl> 81 </div> 82 <p> 83 In order to use transactions with your application, you must turn them 84 on. To do this you must: 85 </p> 86 <div class="itemizedlist"> 87 <ul type="disc"> 88 <li> 89 <p> 90 Use an 91 environment (see <a href="enabletxn.html#environments">Environments</a> for details). 92 </p> 93 </li> 94 <li> 95 <p> 96 Turn on transactions for your environment. 97 98 <span> 99 You do this by using the 100 <tt class="methodname">EnvironmentConfig.setTransactional()</tt> 101 method. 102 </span> 103 104 105 106 <span> 107 Note that initializing the transactional subsystem implies that 108 the logging subsystem is also initialized. Also, note that 109 if you do not initialize transactions when you first create 110 your environment, then you cannot use transactions for that 111 environment after that. This is because DB 112 allocates certain structures needed for transactional 113 locking that are not available if the environment is 114 created without transactional support. 115 </span> 116 </p> 117 </li> 118 <li> 119 <p> 120 Initialize the in-memory cache by 121 122 123 <span> 124 passing <tt class="literal">true</tt> to the 125 <tt class="methodname">EnvironmentConfig.setInitializeCache()</tt> 126 method. 127 </span> 128 </p> 129 </li> 130 <li> 131 <p> 132 Initialize the locking subsystem. This is what provides locking for concurrent applications. It also is used 133 to perform deadlock detection. See <a href="txnconcurrency.html">Concurrency</a> 134 for more information. 135 </p> 136 <p> 137 You initialize the locking subsystem by 138 139 140 <span> 141 passing <tt class="literal">true</tt> to the 142 <tt class="methodname">EnvironmentConfig.setInitializeLocking()</tt> 143 method. 144 </span> 145 </p> 146 </li> 147 <li> 148 <p> 149 If you are using the DPL, transaction-enable your stores. 150 You do this by using the 151 <tt class="methodname">StoreConfig.setTransactional() method.</tt> 152 </p> 153 </li> 154 <li> 155 <p> 156 <span> 157 Transaction-enable your databases. 158 </span> 159 <span> 160 If you are using the base API, transaction-enable your databases. 161 </span> 162 You do this by 163 <span> 164 using the 165 <tt class="methodname">DatabaseConfig.setTransactional()</tt> 166 method, and then opening the database from within a transaction. 167 </span> 168 169 170 171 172 173 <span> 174 Note that the common practice is for auto commit to be used to 175 transaction-protect the database open. To use auto-commit, you 176 must still enable transactions as described here, but you do 177 not have to explicitly use a transaction when you open your 178 database. An example of this is given in the next section. 179 </span> 180 </p> 181 </li> 182 </ul> 183 </div> 184 <div class="sect1" lang="en" xml:lang="en"> 185 <div class="titlepage"> 186 <div> 187 <div> 188 <h2 class="title" style="clear: both"><a id="environments"></a>Environments</h2> 189 </div> 190 </div> 191 <div></div> 192 </div> 193 <p> 194 For simple DB applications, environments are optional. However, in 195 order to transaction protect your database operations, you must use an 196 environment. 197 </p> 198 <p> 199 An <span class="emphasis"><em>environment</em></span>, represents an 200 encapsulation of one or more databases and any associated log and 201 region files. They are used to support multi-threaded 202 and multi-process applications by allowing different threads of 203 control to share the in-memory cache, the locking tables, the 204 logging subsystem, and the file namespace. By sharing these things, 205 your concurrent application is more efficient than if each thread 206 of control had to manage these resources on its own. 207 </p> 208 <p> 209 By default all DB databases are backed by files on disk. In 210 addition to these files, transactional DB applications create 211 logs that are also by default stored on disk (they can optionally 212 be backed using shared memory). Finally, transactional 213 DB applications also create and use shared-memory regions that 214 are also typically backed by the filesystem. But like databases and 215 logs, the regions can be maintained strictly in-memory if your 216 application requires it. For an example of an application that 217 manages all environment files in-memory, see 218 219 <span><a href="inmem_txnexample_java.html">Base API In-Memory Transaction Example</a>.</span> 220 221 222 </p> 223 <div class="sect2" lang="en" xml:lang="en"> 224 <div class="titlepage"> 225 <div> 226 <div> 227 <h3 class="title"><a id="filenaming"></a>File Naming</h3> 228 </div> 229 </div> 230 <div></div> 231 </div> 232 <p> 233 In order to operate, your DB application must be able to 234 locate its database files, log files, and region files. If these 235 are stored in the filesystem, then you must tell DB where 236 they are located (a number of mechanisms exist that allow you to 237 identify the location of these files – see below). Otherwise, 238 by default they are located in the current working directory. 239 </p> 240 <div class="sect3" lang="en" xml:lang="en"> 241 <div class="titlepage"> 242 <div> 243 <div> 244 <h4 class="title"><a id="envhome"></a>Specifying the Environment Home Directory</h4> 245 </div> 246 </div> 247 <div></div> 248 </div> 249 <p> 250 The environment home directory is used to determine where 251 DB files are located. Its location 252 is identified using one of the following mechanisms, in the 253 following order of priority: 254 </p> 255 <div class="itemizedlist"> 256 <ul type="disc"> 257 <li> 258 <p> 259 If no information is given as to where to put the 260 environment home, then the current working 261 directory is used. 262 </p> 263 </li> 264 <li> 265 <p> 266 If a home directory is specified on the 267 268 269 <tt class="methodname">Environment()</tt> 270 271 <span>constructor,</span> 272 then that location is always used for the environment 273 home. 274 </p> 275 </li> 276 <li> 277 <p> 278 If a home directory is not supplied to 279 280 281 <span><tt class="methodname">Environment()</tt>, </span> 282 then the directory identified by the <tt class="literal">DB_HOME</tt> environment variable 283 is used <span class="emphasis"><em>if</em></span> you specify 284 285 286 <span> 287 <tt class="literal">true</tt> to either the 288 <tt class="methodname">EnvironmentConfig.setUseEnvironment()</tt> 289 or 290 <tt class="methodname">EnvironmentConfig.setUseEnvironmentRoot()</tt> 291 method. Both methods allow you to identify the 292 path to the environment's home directory 293 using <tt class="literal">DB_HOME</tt>. However, 294 <tt class="methodname">EnvironmentConfig.setUseEnvironmentRoot()</tt> 295 is honored only if the process is run with root or administrative privileges. 296 </span> 297 </p> 298 </li> 299 </ul> 300 </div> 301 </div> 302 <div class="sect3" lang="en" xml:lang="en"> 303 <div class="titlepage"> 304 <div> 305 <div> 306 <h4 class="title"><a id="filelocation"></a>Specifying File Locations</h4> 307 </div> 308 </div> 309 <div></div> 310 </div> 311 <p> 312 By default, all DB files are created relative to the environment 313 home directory. For example, suppose your environment home is in 314 <tt class="literal">/export/myAppHome</tt>. Also suppose you name your database 315 <span><tt class="literal">data/myDatabase.db</tt>.</span> 316 317 Then in this case, the database is placed in: 318 <span><tt class="literal">/export/myAppHome/data/myDatabase.db</tt>.</span> 319 320 </p> 321 <p> 322 That said, DB always defers to absolute pathnames. 323 This means that if you provide an absolute filename when you 324 name your database, then that file is <span class="emphasis"><em>not</em></span> 325 placed relative to the environment home directory. Instead, it 326 is placed in the exact location that you specified for the 327 filename. 328 </p> 329 <p> 330 On UNIX systems, an absolute pathname is a name that begins with a 331 forward slash ('/'). On Windows systems, an absolute pathname is a 332 name that begins with one of the following: 333 </p> 334 <div class="itemizedlist"> 335 <ul type="disc"> 336 <li> 337 <p> 338 A backslash ('\'). 339 </p> 340 </li> 341 <li> 342 <p> 343 Any alphabetic letter, followed by a colon (':'), followed 344 by a backslash ('\'). 345 </p> 346 </li> 347 </ul> 348 </div> 349 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 350 <h3 class="title">Note</h3> 351 <p> 352 Try not to use absolute path names for your 353 environment's files. Under certain recovery scenarios, absolute path names can 354 render your environment unrecoverable. This occurs if you are attempting to recover 355 you environment on a system that does not support the absolute path name that you used. 356 </p> 357 </div> 358 </div> 359 <div class="sect3" lang="en" xml:lang="en"> 360 <div class="titlepage"> 361 <div> 362 <div> 363 <h4 class="title"><a id="splittingdata"></a>Identifying Specific File Locations</h4> 364 </div> 365 </div> 366 <div></div> 367 </div> 368 <p> 369 As described in the previous sections, DB will place all its 370 files in or relative to the environment home directory. 371 You can also cause a 372 specific database file to be placed in a particular location by 373 using an absolute path name for its name. In this 374 situation, the environment's home directory is not 375 considered when naming the file. 376 </p> 377 <p> 378 It is frequently desirable to place database, log, and region files on separate 379 disk drives. By spreading I/O across multiple drives, you 380 can increase parallelism and improve throughput. 381 Additionally, by placing log files and database files on 382 separate drives, you improve your application's 383 reliability by providing your application with a greater 384 chance of surviving a disk failure. 385 </p> 386 <p> 387 You can cause DB's files to be placed in specific 388 locations using the following mechanisms: 389 </p> 390 <div class="informaltable"> 391 <table border="1" width="80%"> 392 <colgroup> 393 <col /> 394 <col /> 395 </colgroup> 396 <thead> 397 <tr> 398 <th>File Type</th> 399 <th>To Override</th> 400 </tr> 401 </thead> 402 <tbody> 403 <tr> 404 <td>database files</td> 405 <td> 406 <p> 407 You can cause database files to be created 408 in a directory other than the 409 environment home by using the 410 411 412 <tt class="methodname">EnvironmentConfig.addDataDir()</tt> 413 method. 414 The directory identified 415 here must exist. If a relative path is 416 provided, then the directory location is 417 resolved relative to the environment's home 418 directory. 419 </p> 420 <p> 421 This method modifies the directory 422 used for database files created and managed by 423 a single environment handle; it does not 424 configure the entire environment. 425 426 </p> 427 <p> 428 You can also set a default data location that is used by 429 the entire environment by using the 430 <tt class="literal">set_data_dir</tt> parameter 431 in the environment's <tt class="literal">DB_CONFIG</tt> file. 432 Note that the <tt class="literal">set_data_dir</tt> 433 parameter overrides any value set by the 434 435 436 <tt class="methodname">EnvironmentConfig.addDataDir()</tt> 437 method. 438 </p> 439 </td> 440 </tr> 441 <tr> 442 <td>Log files</td> 443 <td> 444 <p> 445 You can cause log files to be created 446 in a directory other than the environment home 447 directory by using the 448 449 450 <tt class="methodname">EnvironmentConfig.LogDirectory()</tt> 451 method. The directory identified 452 here must exist. If a relative path is 453 provided, then the directory location is 454 resolved relative to the environment's home 455 directory. 456 </p> 457 <p> 458 This method modifies the directory 459 used for database files created and managed by 460 a single environment handle; it does not 461 configure the entire environment. 462 463 </p> 464 <p> 465 You can also set a default log file location that is used by 466 the entire environment by using the 467 <tt class="literal">set_lg_dir</tt> parameter 468 in the environment's <tt class="literal">DB_CONFIG</tt> file. 469 Note that the <tt class="literal">set_lg_dir</tt> 470 parameter overrides any value set by the 471 472 473 <tt class="methodname">EnvironmentConfig.LogDirectory()</tt> 474 method. 475 </p> 476 </td> 477 </tr> 478 <tr> 479 <td>Region files</td> 480 <td> 481 If backed by the filesystem, region 482 files are always placed in the environment home 483 directory. 484 </td> 485 </tr> 486 </tbody> 487 </table> 488 </div> 489 <p> 490 Note that the <tt class="literal">DB_CONFIG</tt> must reside in the 491 environment home directory. Parameters are specified in it one 492 parameter to a line. Each parameter is followed by a space, 493 which is followed by the parameter value. For example: 494 </p> 495 <pre class="programlisting"> set_data_dir /export1/db/env_data_files </pre> 496 </div> 497 </div> 498 <div class="sect2" lang="en" xml:lang="en"> 499 <div class="titlepage"> 500 <div> 501 <div> 502 <h3 class="title"><a id="errorsupport"></a>Error Support</h3> 503 </div> 504 </div> 505 <div></div> 506 </div> 507 <p> 508 To simplify error handling and to aid in application debugging, environments offer several useful 509 methods. 510 511 <span>Note that many of these 512 methods are identical to the error handling methods available for the 513 514 515 <span>DatabaseConfig</span> 516 517 <span>class.</span> 518 519 </span> 520 521 They are: 522 </p> 523 <div class="itemizedlist"> 524 <ul type="disc"> 525 <li> 526 <p> 527 528 <tt class="methodname">EnvironmentConfig.setErrorStream()</tt> 529 </p> 530 <p> 531 Sets the 532 533 <span>Java <tt class="classname">OutputStream</tt></span> 534 to be used for displaying error messages issued by the DB library. 535 </p> 536 </li> 537 <li> 538 <p> 539 540 <tt class="methodname">EnvironmentConfig.setErrorHandler()</tt> 541 </p> 542 <p> 543 Defines the message handler that is called when an error message is 544 issued by DB. The error prefix and message are passed to 545 this callback. It is up to the application to display this 546 information correctly. 547 </p> 548 <p> 549 Note that the message handler must be an implementation of the 550 <tt class="classname">com.sleepycat.db.ErrorHandler</tt> 551 interface. 552 </p> 553 </li> 554 <li> 555 <p> 556 557 <tt class="methodname">EnvironmentConfig.setErrorPrefix()</tt> 558 </p> 559 <p> 560 Sets the prefix used to for any error messages issued by the 561 DB library. 562 </p> 563 </li> 564 </ul> 565 </div> 566 </div> 567 <div class="sect2" lang="en" xml:lang="en"> 568 <div class="titlepage"> 569 <div> 570 <div> 571 <h3 class="title"><a id="sharedmemory"></a>Shared Memory Regions</h3> 572 </div> 573 </div> 574 <div></div> 575 </div> 576 <p> 577 The subsystems that you enable for an environment (in our case, 578 transaction, logging, locking, and the memory pool) 579 are described by one or more regions. The regions contain all of the 580 state information that needs to be shared among threads and/or 581 processes using the environment. 582 </p> 583 <p> 584 Regions may be backed by the file system, by heap memory, or by 585 system shared memory. 586 </p> 587 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 588 <h3 class="title">Note</h3> 589 <p> 590 When DB dynamically obtains memory, it uses memory outside of the JVM. Normally the amount of memory 591 that DB obtains is trivial, a few bytes here and there, so you might not notice it. However, if 592 heap or system memory is used to back your region files, then this can represent a significant amount of 593 memory being used by DB above and beyond the memory required by the JCM process. As a result, the 594 JVM process may appear to be using more memory than you told the process it could use. 595 </p> 596 </div> 597 <div class="sect3" lang="en" xml:lang="en"> 598 <div class="titlepage"> 599 <div> 600 <div> 601 <h4 class="title"><a id="filebackedregions"></a>Regions Backed by Files</h4> 602 </div> 603 </div> 604 <div></div> 605 </div> 606 <p> 607 By default, shared memory regions are created as files in the environment's 608 home directory (<span class="emphasis"><em>not</em></span> the environment's data 609 directory). If it is available, the POSIX <tt class="literal">mmap</tt> 610 interface is used to map these files into your application's 611 address space. If <tt class="literal">mmap</tt> 612 is not available, then the UNIX <tt class="literal">shmget</tt> interfaces 613 are used instead (again, if they are available). 614 </p> 615 <p> 616 In this default case, the region files are named 617 <tt class="literal">__db.###</tt> 618 (for example, <tt class="literal">__db.001</tt>, <tt class="literal">__db.002</tt>, 619 and so on). 620 </p> 621 </div> 622 <div class="sect3" lang="en" xml:lang="en"> 623 <div class="titlepage"> 624 <div> 625 <div> 626 <h4 class="title"><a id="heapbackedregions"></a>Regions Backed by Heap Memory</h4> 627 </div> 628 </div> 629 <div></div> 630 </div> 631 <p> 632 If heap memory is used to back your shared memory regions, 633 the environment may only be 634 accessed by a single process, although that process may be 635 multi-threaded. In this case, the regions are managed only in 636 memory, and they are not written to the filesystem. You 637 indicate that heap memory is to be used for the region files by 638 specifying 639 640 641 <span> 642 <tt class="literal">true</tt> to the 643 <tt class="methodname">EnvironmentConfig.setPrivate()</tt> 644 method. 645 </span> 646 647 </p> 648 <p> 649 (For an example of an entirely in-memory transactional 650 application, see 651 652 <span> 653 <a href="inmem_txnexample_java.html">Base API In-Memory Transaction Example</a>.) 654 </span> 655 656 657 </p> 658 </div> 659 <div class="sect3" lang="en" xml:lang="en"> 660 <div class="titlepage"> 661 <div> 662 <div> 663 <h4 class="title"><a id="systembackedregions"></a>Regions Backed by System Memory</h4> 664 </div> 665 </div> 666 <div></div> 667 </div> 668 <p> 669 Finally, you can cause system memory to be used for your 670 regions instead of memory-mapped files. You do this by providing 671 672 673 <span> 674 <tt class="literal">true</tt> to the 675 <tt class="methodname">EnvironmentConfig.setSystemMemory()</tt> 676 method. 677 </span> 678 </p> 679 <p> 680 When region files are backed by system memory, DB creates a 681 single file in the environment's home directory. This file 682 contains information necessary to identify the system shared 683 memory in use by the environment. By creating this file, DB 684 enables multiple processes to share the environment. 685 </p> 686 <p> 687 The system memory that is used is architecture-dependent. For 688 example, on systems supporting X/Open-style shared memory 689 interfaces, such as UNIX systems, the <tt class="literal">shmget(2)</tt> 690 and related System V IPC interfaces are used. 691 692 <span> 693 694 Additionally, VxWorks systems use system memory. In these cases, 695 an initial segment ID must be specified by the application to 696 ensure that applications do not overwrite each other's 697 environments, so that the number of segments created does not 698 grow without bounds. See the 699 700 701 702 <tt class="methodname">EnvironmentConfig.setSegmentId()</tt> 703 method for more information. 704 </span> 705 </p> 706 <p> 707 On Windows platforms, the use of system memory for the region files 708 is problematic because the operating system uses reference counting 709 to clean up shared objects in the paging file automatically. In 710 addition, the default access permissions for shared objects are 711 different from files, which may cause problems when an environment 712 is accessed by multiple processes running as different users. See 713 <a href="" target="_top">Windows notes</a> 714 or more information. 715 </p> 716 </div> 717 </div> 718 <div class="sect2" lang="en" xml:lang="en"> 719 <div class="titlepage"> 720 <div> 721 <div> 722 <h3 class="title"><a id="security"></a>Security Considerations</h3> 723 </div> 724 </div> 725 <div></div> 726 </div> 727 <p> 728 When using environments, there are some security considerations to 729 keep in mind: 730 </p> 731 <div class="itemizedlist"> 732 <ul type="disc"> 733 <li> 734 <p> 735 Database environment permissions 736 </p> 737 <p> 738 The directory used for the environment 739 should have its permissions set to ensure that files in the 740 environment are not accessible to users without appropriate 741 permissions. Applications that add to the user's permissions 742 (for example, UNIX <tt class="literal">setuid</tt> or 743 <tt class="literal">setgid</tt> applications), must be 744 carefully checked to not permit illegal use of those 745 permissions such as general file access in the environment 746 directory. 747 </p> 748 </li> 749 <li> 750 <p> 751 Environment variables 752 </p> 753 <p> 754 Setting 755 756 757 <span> 758 <tt class="literal">true</tt> for <tt class="methodname">EnvironmentConfig.setUseEnvironment()</tt> 759 or 760 <tt class="methodname">EnvironmentConfig.setUseEnvironmentRoot()</tt> 761 </span> 762 763 so that environment variables can be used during file naming 764 can be dangerous. Setting those flags in DB 765 applications with additional permissions (for example, UNIX 766 <tt class="literal">setuid</tt> or <tt class="literal">setgid</tt> 767 applications) could potentially allow users 768 to read and write databases to which they would not normally 769 have access. 770 </p> 771 <p> 772 For example, suppose you write a DB application 773 that runs <tt class="literal">setuid</tt>. This means that 774 when the application runs, it does so under a 775 userid different than that of the application's caller. 776 This is especially problematic if the application is 777 granting stronger privileges to a user than the user 778 might ordinarily have. 779 </p> 780 <p> 781 Now, if 782 783 <span> 784 <tt class="literal">true</tt> is specified 785 for <tt class="methodname">EnvironmentConfig.setUseEnvironment()</tt> 786 or 787 <tt class="methodname">EnvironmentConfig.setUseEnvironmentRoot()</tt>, 788 </span> 789 790 791 then the environment that the application is 792 using is modifiable using the 793 <tt class="literal">DB_HOME</tt> environment variable. In 794 this scenario, if the uid used by the application has 795 sufficiently broad privileges, then the application's caller 796 can read and/or write databases owned by another user 797 simply by setting his 798 <tt class="literal">DB_HOME</tt> environment variable to the 799 environment used by that other user. 800 </p> 801 <p> 802 Note that this scenario need not be malicious; the 803 wrong environment could be used by the application 804 simply by inadvertently specifying the wrong path to 805 <tt class="literal">DB_HOME</tt>. 806 </p> 807 <p> 808 As always, you should use <tt class="literal">setuid</tt> 809 sparingly, if at all. But if you do use 810 <tt class="literal">setuid</tt>, then you should refrain from 811 specifying 812 813 <span> 814 <tt class="literal">true</tt> for <tt class="methodname">EnvironmentConfig.setUseEnvironment()</tt> 815 or 816 <tt class="methodname">EnvironmentConfig.setUseEnvironmentRoot()</tt> 817 </span> 818 for the environment open. And, of course, if you must 819 use <tt class="literal">setuid</tt>, then make sure you use 820 the weakest uid possible – preferably one that is 821 used only by the application itself. 822 </p> 823 </li> 824 <li> 825 <p> 826 File permissions 827 </p> 828 <p> 829 By default, DB always creates database and log files readable and 830 writable by the owner and the group (that is, 831 <tt class="literal">S_IRUSR</tt>, 832 <tt class="literal">S_IWUSR</tt>, <tt class="literal">S_IRGRP</tt> and 833 <tt class="literal">S_IWGRP</tt>; or octal mode 0660 on historic 834 UNIX systems). The group ownership of created files is based 835 on the system and directory defaults, and is not further 836 specified by DB. 837 </p> 838 </li> 839 <li> 840 <p> 841 Temporary backing files 842 </p> 843 <p> 844 If an unnamed database is created and the cache is too small 845 to hold the database in memory, Berkeley DB will create a 846 temporary physical file to enable it to page the database to 847 disk as needed. In this case, environment variables such as 848 <tt class="literal">TMPDIR</tt> may be used to specify the 849 location of that temporary file. Although temporary backing 850 files are created readable and writable by the owner only 851 (<tt class="literal">S_IRUSR</tt> and <tt class="literal">S_IWUSR</tt>, 852 or octal mode 0600 on historic UNIX systems), some 853 filesystems may not sufficiently protect temporary files 854 created in random directories from improper access. To be 855 absolutely safe, applications storing sensitive data in 856 unnamed databases should use the 857 858 859 <tt class="methodname">EnvironmentConfig.setTemporaryDirectory()</tt> 860 method to specify a temporary directory with known permissions. 861 </p> 862 </li> 863 </ul> 864 </div> 865 </div> 866 </div> 867 </div> 868 <div class="navfooter"> 869 <hr /> 870 <table width="100%" summary="Navigation footer"> 871 <tr> 872 <td width="40%" align="left"><a accesskey="p" href="perftune-intro.html">Prev</a> </td> 873 <td width="20%" align="center"> 874 <a accesskey="u" href="index.html">Up</a> 875 </td> 876 <td width="40%" align="right"> <a accesskey="n" href="envopen.html">Next</a></td> 877 </tr> 878 <tr> 879 <td width="40%" align="left" valign="top">Performance Tuning </td> 880 <td width="20%" align="center"> 881 <a accesskey="h" href="index.html">Home</a> 882 </td> 883 <td width="40%" align="right" valign="top"> Opening a Transactional Environment and 884 885 Store or Database 886 887 </td> 888 </tr> 889 </table> 890 </div> 891 </body> 892</html> 893