Difference between revisions of "How to control access rights for LFC/SRM files"
From PDP/Grid Wiki
Jump to navigationJump to search| Line 13: | Line 13: | ||
== Looking at the permissions == | == Looking at the permissions == | ||
| − | |||
* SRM : srm-get-permissions | * SRM : srm-get-permissions | ||
== Modifying the permissions == | == Modifying the permissions == | ||
| − | |||
* SRM : srm-set-permissions | * SRM : srm-set-permissions | ||
== Verifying access control == | == Verifying access control == | ||
| − | |||
* SRM : srm-get-permissions | * SRM : srm-get-permissions | ||
* Try to access the file as another user | * Try to access the file as another user | ||
| Line 40: | Line 37: | ||
== Looking at the permissions == | == Looking at the permissions == | ||
| − | |||
* SRM : srm-get-permissions is broken | * SRM : srm-get-permissions is broken | ||
** dpns-getacl | ** dpns-getacl | ||
| Line 46: | Line 42: | ||
== Modifying the permissions == | == Modifying the permissions == | ||
| − | |||
* SRM : dpns-setacl | * SRM : dpns-setacl | ||
== Verifying access control == | == Verifying access control == | ||
| − | |||
* SRM | * SRM | ||
| + | * Try to access the file as another user | ||
| + | |||
| + | = Case #3: LFC = | ||
| + | |||
| + | == Copying and registering your file == | ||
| + | |||
| + | * lcg-cr .... with full path | ||
| + | * lcg-cr .... with generated path | ||
| + | |||
| + | == Looking at the permissions == | ||
| + | |||
| + | * lfc-getacl | ||
| + | * lfc-la | ||
| + | * lfc-lg | ||
| + | * lfc-lr | ||
| + | * lfc-ls | ||
| + | * lcg-gt | ||
| + | |||
| + | == Modifying the permissions == | ||
| + | |||
| + | * lfc-setacl | ||
| + | |||
| + | == Verifying access control == | ||
| + | |||
| + | * lfc-getacl | ||
| + | * lfc-la | ||
| + | * lfc-lg | ||
| + | * lfc-lr | ||
| + | * lfc-ls | ||
* Try to access the file as another user | * Try to access the file as another user | ||
Revision as of 16:36, 5 August 2009
Storing files on the grid is one thing. Controlling access to these files is a different matter. This page is the result of an ongoing investigation on how to control access rights for different storage systems (currently: dCache and DPM), as well as the way a files is stored and accessed on the Local File Catalog (LFC).
Case #1: dCache
Creating your own directory in SRM-space
srmmkdir ....
Copying and registering your file
lcg-cr ....
Looking at the permissions
- SRM : srm-get-permissions
Modifying the permissions
- SRM : srm-set-permissions
Verifying access control
- SRM : srm-get-permissions
- Try to access the file as another user
Case #2: DPM
Creating your own directory in DPM-space
srmmkdir .... ?? dpns-mkdir
Copying and registering your file
lcg-cr ....
Looking at the permissions
- SRM : srm-get-permissions is broken
- dpns-getacl
Modifying the permissions
- SRM : dpns-setacl
Verifying access control
- SRM
- Try to access the file as another user
Case #3: LFC
Copying and registering your file
- lcg-cr .... with full path
- lcg-cr .... with generated path
Looking at the permissions
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- lcg-gt
Modifying the permissions
- lfc-setacl
Verifying access control
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- Try to access the file as another user
