Setting default LFC file/directory permissions (like with lfc-setacl)

Added by Kocot Joanna almost 6 years ago

Hi,

I need to set default permissions that are used when a file in LFC is created. Such permissions can be normally set to a parent LFC directory by 'lfc-setacl' command (e.g. if you use: lfc-setacl -m d:group::r-x /grid/vo_name/some_dir, all the files and subdirectories of /grid/vo_name/some_dir will be created with no more than r-x for your group - this usually means r-- for files and r-x for directories).
Setting this is very important as in many configurations default is set to rwx rigths for the group which is too strong.
Is this possible with the JSAGA LFC adaptor?

Cheers,
Joanna


Replies (4)

RE: Setting default LFC file/directory permissions (like with lfc-setacl) - Added by Schwarz Lionel almost 6 years ago

Hi Joanna,
We may want to use these SAGA methods:
NSEntry.permissionsAllow() and NSEntry.permissionsDeny()

HTH
Lionel

RE: Setting default LFC file/directory permissions (like with lfc-setacl) - Added by Revillard Jerome almost 6 years ago

Hi,

The LFC adaptor only implements the basic permissions management for the moment, not the full acls. So only the equivalent of lfc-chmod and lfc-chown.

Best,
Jérôme

RE: Setting default LFC file/directory permissions (like with lfc-setacl) - Added by Kocot Joanna almost 6 years ago

Hi Lionel, Jerome,

Thank you for the answers. I guess that if the LFC adaptor implementation doesn't support setting the full acls, I can't be done with the methods mentioned (NSEntry.permissionsAllow() and NSEntry.permissionsDeny()) - or am I wrong?
Is there any plan to implement this functionality in the LFC adaptor?

Thanks,
Joanna

RE: Setting default LFC file/directory permissions (like with lfc-setacl) - Added by Reynaud Sylvain almost 6 years ago

Hi Joanna,

The NSEntry.permissionsAllow() and NSEntry.permissionsDeny() methods can be used with most adaptors (including LFC adaptor) to set POSIX-like permissions only. So if you can do the job with the lfc-chmod and lfc-chown commands, then you should be able to do it with JSAGA as well. Else you can't.

Support for full ACL is implemented on the engine side, but not on adaptors side because only few grid technologies support this.

I don't know if Jérôme plans to implement support for full ACL in his LFC adaptor or not, but anyway using full ACL capabilities in your code would break its compatibility with the other protocols, because most of them don't support full ACL. So using POSIX-like permissions should be considered first if it can solve your issue.

Regards,
Sylvain

(1-4/4)