# Storage File Locking ##### Last Updated: September 15, 2023 Supported Providers: * [[:server/cifs-single]] * [[:server/cifs]] * [[:cloudproviders/nasuni|]] Access Anywhere provides [[:admin/filelocking]] for files edited through Access Anywhere and can extend these file locks to the underlying storage to enhance protection when users may also be editing from the storage directly. When a file is edited through [[:cloudedit]], for example, a write-lock is placed on the file in storage before the file is downloaded and opened for editing. Other users opening the file whether inside or outside of Access Anywhere will be able to view the file (read-only) but not make changes. When the file is closed the storage lock is released. If the file had been already locked, then Cloud Edit will instead open the file in read-only mode. ## Enabling Storage Locking Integration ### 1. Appliance Settings To enable the locking service for Access Anywhere login to your **appladmin** account and visit **Site Functionality**. You should enable the "SMB - Storage Locking Enabled" option and set the value field to, for example: https://127.0.0.1:2201/ 127.0.0.1 is the IP address to use on a single node Access Anywhere installation. If you are configuring this on a H/A multi-node system, you should alter the host name or IP address as appropriate so that it only points to the node on which the locking service is running. {{:server:smb-locking:appladmin-settings-sitefunc.png?400|}} ### 2. Provider Settings Provider File Locking must also be enabled per-provider from Provider Settings. {{:server:smb-locking:provider-file-locking.png?300|}} ## Supported Storage Platforms The Storage Level Locking feature is available for the following connectors: * [[server/cifs-single]] * [[server/cifs]] * [[cloudproviders/nasuni|]] ## Implementation Provider locks are created through through Access Anywhere's Storage Locking Service. The service runs as a container within Access Anywhere appliance or cluster. If the locking service is not running, it will be unable to acquire file locks. Likewise stopping or restarting the service will drop any locks currently acquired. ### Providing Locking Process When a user opens a file for editing via a Access Anywhere app the app first requests that a file lock. The same approach is taken by the Cloud Drive and for files edited through Microsoft Online - a lock is requested first. If Access Anywhere has not already locked the file, and provider locking integration is enabled, it requests that a write-lock (also called a share lock) be created on the provider file. There are two possible outcomes: * **Success** - If the write-lock is successful Access Anywhere marks the file as locked, granting the lock request to the app. The user can open the file for editing! Because of the write-lock other users will not be able to edit the file on the provider - they will be able to open it for viewing. * **Failure** - If the write-lock fails Access Anywhere denies the lock request to the app and the app only lets the user only open the file for viewing. Other users will not be able to edit the file either, as there is a lock on the provider and they won't be able to lock it through Access Anywhere. Once Access Anywhere lock is released, after either the file is closed, the lock is released manually or the lock times out in some circumstances, the locking service will release the file lock on the provider. Provider locks are also released if the locked file is renamed or moved through either Access Anywhere or through the storage directly. ### OpenOffice Lock Files Access Anywhere also creates lock files for OpenOffice files preventing OpenOffice users from opening files that are locked by Microsoft Office or other users. These files are created on the provider storage in the following format: .~lock.Marketing Newsletter.docx# ## Troubleshooting ### Check Appliance Settings Check provider locking is configured for the appliance. Log in as the Appliance Admin and check Site Functionality. A single-node site should be configured for 127.0.0.1 or localhost. For a multi-node deployment the locking service should be configured to a specific node hostname or IP address or for a virtual IP address (VIP). {{:server:smb-locking:appladmin-settings-sitefunc.png?400|}} ### Check Provider Settings Check provider file locking is enabled for the provider: {{:server:smb-locking:provider-file-locking.png?300|}} ### Check Locking Service To check that the locking service is running, log in to Access Anywhere console as root and execute: docker ps | grep ff-cifs-locker The locking service should be running automatically, however if it is not, you can run: cd /var/www/smestorage/containers/cifs-locker /usr/local/bin/docker-compose up -d If you are running a multi-node system, the locking service should only be run on one node. ### Check Appliance Logs Check the appliance logs for issues connecting to the locking service. For debugging the debug filter 'cifslock|cifslockext' can be enabled in /var/www/smestorage/public_html/config.inc.php. Note that Access Anywhere's command line config editing tool, new in Access Anywhere version 2006, can be used to set and clear these flags. Check logits.txt. ### Check Locking Service Logs and Locks From the console as root you can view the detail logs of the cifs locker docker logs -f ff-cifs-locker That log data can be filtered based on file name as well like so: docker logs ff-cifs-locker | grep testfile.docx | less