Difference between revisions of "Access control for the LFC"
| Line 1: | Line 1: | ||
| + | This page is part of an investigation on [[How to control access rights for LFC/SRM files]] . | ||
| + | |||
| == Finding out how the Local File Catalog is organized == | == Finding out how the Local File Catalog is organized == | ||
| − | + | To list the Local File Catalog for a particular VO use | |
| + |   lcg-infosites --vo <YOUR-VO> lfc | ||
| + | which results in | ||
| + |  lfc.grid.sara.nl | ||
| + | |||
| + | '''Note''' the current version of the <tt>lcg-infosites</tt> command does not use your grid proxy at all ! | ||
| + | |||
| + | Set the environment variable LFC_HOST to point this host | ||
| + |  export LFC_HOST=lfc.grid.sara.nl | ||
| + | You can then use the <tt>lfc-ls</tt> command to figure out how the LFC is organized: | ||
| + |  $ lfc-ls -l / | ||
| + |  drwxr-xr-x  31 root     root                      0 Feb 15  2007 grid | ||
| + | |||
| + |  $ lfc-ls -l /grid | ||
| + |  [SNIP] | ||
| + |  drwxrwxr-x  37 root     2025                      0 Aug 04 13:31 pvier | ||
| + |  drwxrwxr-x  28 root     2031                      0 Aug 06 10:34 vlemed | ||
| + |  [SNIP] | ||
| + | |||
| + | Hey, we are at the VO level now. Here I've listed the two VOs which will be used throughout this page. | ||
| + | |||
| + | = Creating your own directory in LFC-space = | ||
| + | |||
| + | Before we register a file in the LFC we first create our own directory. | ||
| + |  lfc-mkdir /grid/pvier/janjust | ||
| = Copying and registering your file = | = Copying and registering your file = | ||
| + | |||
| + | In another part of this investigation we created an SRM directory on a DPM server.  | ||
| + | The URL for this directory will be used throughout the rest of this page, hence we abbreviate it to | ||
| + |  SRM=srm://tbn18.nikhef.nl:8446/dpm/nikhef.nl/home/pvier/janjust | ||
| + | For more details, see [[Access control for DPM storage elements]]. | ||
| + | |||
| + | Next we will copy a file to an SRM directory we created earlier and register it in the LFC in one go: | ||
| + |  $ lcg-cr -d $SRM/myfile -l lfn:/grid/pvier/janjust/my-dpm-file file://$PWD/myfile | ||
| + |  guid:bbdad839-b2d1-46f6-95ab-5b6561f7e72f | ||
| + | which returns the LFC GUID for the file upon success. | ||
| * lcg-cr .... with full path | * lcg-cr .... with full path | ||
Revision as of 14:03, 6 August 2009
This page is part of an investigation on How to control access rights for LFC/SRM files .
Finding out how the Local File Catalog is organized
To list the Local File Catalog for a particular VO use
lcg-infosites --vo <YOUR-VO> lfc
which results in
lfc.grid.sara.nl
Note the current version of the lcg-infosites command does not use your grid proxy at all !
Set the environment variable LFC_HOST to point this host
export LFC_HOST=lfc.grid.sara.nl
You can then use the lfc-ls command to figure out how the LFC is organized:
$ lfc-ls -l / drwxr-xr-x 31 root root 0 Feb 15 2007 grid $ lfc-ls -l /grid [SNIP] drwxrwxr-x 37 root 2025 0 Aug 04 13:31 pvier drwxrwxr-x 28 root 2031 0 Aug 06 10:34 vlemed [SNIP]
Hey, we are at the VO level now. Here I've listed the two VOs which will be used throughout this page.
Creating your own directory in LFC-space
Before we register a file in the LFC we first create our own directory.
lfc-mkdir /grid/pvier/janjust
Copying and registering your file
In another part of this investigation we created an SRM directory on a DPM server. The URL for this directory will be used throughout the rest of this page, hence we abbreviate it to
SRM=srm://tbn18.nikhef.nl:8446/dpm/nikhef.nl/home/pvier/janjust
For more details, see Access control for DPM storage elements.
Next we will copy a file to an SRM directory we created earlier and register it in the LFC in one go:
$ lcg-cr -d $SRM/myfile -l lfn:/grid/pvier/janjust/my-dpm-file file://$PWD/myfile guid:bbdad839-b2d1-46f6-95ab-5b6561f7e72f
which returns the LFC GUID for the file upon success.
- lcg-cr .... with full path
- lcg-cr .... with generated path
Looking at the permissions
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- lcg-gt
Modifying the permissions
- lfc-setacl
Verifying access control
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- Try to access the file as another user
