Difference between revisions of "How to control access rights for LFC/SRM files"
From PDP/Grid Wiki
Jump to navigationJump to search (→dCache) |
|||
| Line 2: | Line 2: | ||
= dCache = | = dCache = | ||
| + | |||
| + | Before we start: it is assumed that you already have generated a valid VOMS proxy prior to attempting any of these commands. It is also assumed that you have access rights to the storage systems used below. | ||
| + | |||
| + | == Finding out how storage is organized == | ||
| + | |||
| + | To list the storage systems to which you have access use | ||
| + | lcg-infosites --vo <YOUR-VO> se | ||
| + | which for my proxies currently results in | ||
| + | Avail Space(Kb) Used Space(Kb) Type SEs | ||
| + | ---------------------------------------------------------- | ||
| + | 12078 108 n.a srm.grid.rug.nl | ||
| + | 12078 108 n.a srm.grid.rug.nl | ||
| + | 730582644 681194097 n.a gb-se-amc.amc.nl | ||
| + | 8226695519985 23304480014 n.a srm.grid.sara.nl | ||
| + | 605355546 806421195 n.a gb-se-nki.els.sara.nl | ||
| + | 6575746866 20920246 n.a carme.htc.biggrid.nl | ||
| + | 152913518 115521938 n.a se.grid.rug.nl | ||
| + | 248345185 1166074827 n.a gb-se-ams.els.sara.nl | ||
| + | 355230761 1056545980 n.a gb-se-uu.science.uu.nl | ||
| + | 1266740857 145035883 n.a gb-se-wur.els.sara.nl | ||
| + | 337812899 1076607113 n.a gb-se-kun.els.sara.nl | ||
| + | 2195706454 3048365 n.a tbn18.nikhef.nl | ||
| + | 771834491 620488567 n.a gb-se-lumc.lumc.nl | ||
| + | |||
| + | '''Note''' the current version of the <tt>lcg-infosites</tt> command does not use your grid proxy at all! | ||
== Creating your own directory in SRM-space == | == Creating your own directory in SRM-space == | ||
Revision as of 16:46, 5 August 2009
Storing files on the grid is one thing. Controlling access to these files is a different matter. This page is the result of an ongoing investigation on how to control access rights for different storage systems (currently: dCache and DPM), as well as the way files are stored and accessed on the Local File Catalog (LFC).
dCache
Before we start: it is assumed that you already have generated a valid VOMS proxy prior to attempting any of these commands. It is also assumed that you have access rights to the storage systems used below.
Finding out how storage is organized
To list the storage systems to which you have access use
lcg-infosites --vo <YOUR-VO> se
which for my proxies currently results in
Avail Space(Kb) Used Space(Kb) Type SEs ---------------------------------------------------------- 12078 108 n.a srm.grid.rug.nl 12078 108 n.a srm.grid.rug.nl 730582644 681194097 n.a gb-se-amc.amc.nl 8226695519985 23304480014 n.a srm.grid.sara.nl 605355546 806421195 n.a gb-se-nki.els.sara.nl 6575746866 20920246 n.a carme.htc.biggrid.nl 152913518 115521938 n.a se.grid.rug.nl 248345185 1166074827 n.a gb-se-ams.els.sara.nl 355230761 1056545980 n.a gb-se-uu.science.uu.nl 1266740857 145035883 n.a gb-se-wur.els.sara.nl 337812899 1076607113 n.a gb-se-kun.els.sara.nl 2195706454 3048365 n.a tbn18.nikhef.nl 771834491 620488567 n.a gb-se-lumc.lumc.nl
Note the current version of the lcg-infosites command does not use your grid proxy at all!
Creating your own directory in SRM-space
srmmkdir ....
Copying and registering your file
lcg-cr ....
Looking at the permissions
- SRM : srm-get-permissions
Modifying the permissions
- SRM : srm-set-permissions
Verifying access control
- SRM : srm-get-permissions
- Try to access the file as another user
DPM
Creating your own directory in DPM-space
srmmkdir .... ?? dpns-mkdir
Copying and registering your file
lcg-cr ....
Looking at the permissions
- SRM : srm-get-permissions is broken
- dpns-getacl
Modifying the permissions
- SRM : dpns-setacl
Verifying access control
- SRM
- Try to access the file as another user
LFC
Copying and registering your file
- lcg-cr .... with full path
- lcg-cr .... with generated path
Looking at the permissions
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- lcg-gt
Modifying the permissions
- lfc-setacl
Verifying access control
- lfc-getacl
- lfc-la
- lfc-lg
- lfc-lr
- lfc-ls
- Try to access the file as another user
