On Mon, 15 Jun 2009, Ewan MacMahon wrote:
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Henry Nebrensky
>>
>> Both these activities are indeed still possible by using gridftp, but
>> then at least you have the gridftp logs to provide a trail of who did
>> what; with the NFS route you might not have more than a timestamp
>> (group-writable files could have been modified by any pool user).
>
>> The simplest solution might simply be to only mount the SE space
>> read-only, but that's yet another thing that would have to be published
>> correctly (and then parsed by the user).
>>
>
> Surely the correct and simple solution to this (in principle - I'm not
> aware of any SRM implementation that does this) is to use a single pool
> account mapping for a given user[1] across a whole site, so both running
> jobs and storage access happen with the same mapped account.

I agree that this is probably the "correct" route, but it would have to
be the same mapping across the site - including multiple CEs and SEs - AND
it would have to be permanent (otherwise you won't be able to access your
file when you come back and get mapped to a different pool account).
The latter implies getting rid of the "pool" in pool accounts - I can't
remember where the last discussion on that finished up.

On top of that you still need some way to ensure that whatever was just
written still gets correctly registered in the SE and so on, though, so I
don't think this is really a simple solution.

OTOH from the little I've misunderstood about workflows, I don't think a
read-only file:// protocol is a huge hardship - simulation already works
without it, and any use case that requires random read/write access to
files already on the SE is probably a Bad Idea anyway.

Thanks

Henry

> [1] Not actually per user, more like per DN+VO+Role, but the principle
> stands.

--
Dr. Henry Nebrensky [log in to unmask]
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."