Difference between revisions of "How to control access rights for LFC/SRM files"
From PDP/Grid Wiki
Jump to navigationJump to searchLine 1: | Line 1: | ||
Storing files on the grid is one thing. Controlling access to these files is a different matter. This page is the result of an ongoing investigation on how to control access rights for different storage systems (currently: dCache and DPM), as well as the way a files is stored and accessed on the Local File Catalog (LFC). | Storing files on the grid is one thing. Controlling access to these files is a different matter. This page is the result of an ongoing investigation on how to control access rights for different storage systems (currently: dCache and DPM), as well as the way a files is stored and accessed on the Local File Catalog (LFC). | ||
− | = Case #1: dCache | + | = Case #1: dCache = |
== Step 1: Creating your own directory in SRM-space == | == Step 1: Creating your own directory in SRM-space == | ||
+ | |||
+ | srmmkdir .... | ||
+ | |||
+ | == Step 2: Copying and registering your file == | ||
+ | |||
+ | lcg-cr .... | ||
+ | |||
+ | == Step 3: Looking at the permissions == | ||
+ | |||
+ | * LFC | ||
+ | * SRM : srm-get-permissions | ||
+ | |||
+ | == Step 4: Modifying the permissions == | ||
+ | |||
+ | * LFC | ||
+ | * SRM : srm-set-permissions | ||
+ | |||
+ | == Step 5: Verifying access control == | ||
+ | |||
+ | * LFC | ||
+ | * SRM : srm-get-permissions | ||
+ | * Try to access the file as another user | ||
+ | |||
+ | = Case #2: DPM = | ||
+ | |||
+ | == Step 1: Creating your own directory in DPM-space == | ||
+ | |||
+ | srmmkdir .... ?? | ||
+ | dpns-mkdir | ||
== Step 2: Copying and registering your file == | == Step 2: Copying and registering your file == | ||
+ | |||
+ | lcg-cr .... | ||
+ | |||
+ | == Step 3: Looking at the permissions == | ||
+ | |||
+ | * LFC | ||
+ | * SRM : srm-get-permissions is broken | ||
+ | ** dpns-getacl | ||
+ | |||
+ | == Step 4: Modifying the permissions == | ||
+ | |||
+ | * LFC | ||
+ | * SRM : dpns-setacl | ||
+ | |||
+ | == Step 5: Verifying access control == | ||
+ | |||
+ | * LFC | ||
+ | * SRM | ||
+ | * Try to access the file as another user |
Revision as of 16:31, 5 August 2009
Storing files on the grid is one thing. Controlling access to these files is a different matter. This page is the result of an ongoing investigation on how to control access rights for different storage systems (currently: dCache and DPM), as well as the way a files is stored and accessed on the Local File Catalog (LFC).
Case #1: dCache
Step 1: Creating your own directory in SRM-space
srmmkdir ....
Step 2: Copying and registering your file
lcg-cr ....
Step 3: Looking at the permissions
- LFC
- SRM : srm-get-permissions
Step 4: Modifying the permissions
- LFC
- SRM : srm-set-permissions
Step 5: Verifying access control
- LFC
- SRM : srm-get-permissions
- Try to access the file as another user
Case #2: DPM
Step 1: Creating your own directory in DPM-space
srmmkdir .... ?? dpns-mkdir
Step 2: Copying and registering your file
lcg-cr ....
Step 3: Looking at the permissions
- LFC
- SRM : srm-get-permissions is broken
- dpns-getacl
Step 4: Modifying the permissions
- LFC
- SRM : dpns-setacl
Step 5: Verifying access control
- LFC
- SRM
- Try to access the file as another user