On 25/07/12 14:41, Sam Skipsey wrote:
> On 25 July 2012 12:14, Ewan MacMahon<[log in to unmask]> wrote:
>>> -----Original Message-----
>>> From: GRIDPP2: Deployment and support of SRM and local storage management
>>> [mailto:[log in to unmask]] On Behalf Of Jens Jensen
>>> Sent: 25 July 2012 10:00
>>>
>>> OTOH you may actually want to protect the file from being read by joe
>>> random certificate user. We may need to figure this out before the VOs
>>> will be keen on us providing https interfaces?
>>>
>> Would the apache gridsite plugin help here? Doesn't it have some
>> ability to do VO membership based stuff?
>>
>
> Indeed. DPM's WebDAV implementation uses the gridsite plugin to do
> precisely this at present.

What StoRM does is that the storm user owns files, but gives extended
POSIX ACLs to them.
So, for example:

[root@se01 dteam]# pwd
/mnt/lustre_0/storm/dteam
[root@se01 dteam]# getfacl testfilescs10M
# file: testfilescs10M
# owner: storm
# group: storm
user::rw-
group::---
group:tomcat:r--
group:dteam:rw-
mask::rwx
other::---

Which means that users in group dteam can read (and write) the file (and
we probably ought to squash the latter, but that's another problem).

Ignoring StoRM's https support for the moment, could GridSite be used to
give https/webdav read access to files?

Chris
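
An added example, not part of the original message and not StoRM or GridSite code: a small parser for getfacl output that applies the standard POSIX ACL mask rule and lists which named users, named groups or "other" end up with effective write access. The sample input is constructed from the listing quoted above; the function names are hypothetical.

```python
# Constructed sample: the getfacl listing quoted in the message above.
SAMPLE = """\
# file: testfilescs10M
# owner: storm
# group: storm
user::rw-
group::---
group:tomcat:r--
group:dteam:rw-
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (header dict, [(tag, qualifier, perms)]) for the access ACL."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ":" in line:
            key, _, value = line[2:].partition(":")
            header[key.strip()] = value.strip()
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment; it is recomputed below.
            fields = line.split("#", 1)[0].strip().split(":")
            if fields[0] == "default":
                continue  # default ACLs only affect newly created children
            if len(fields) != 3:
                raise ValueError(f"unrecognised ACL entry: {line!r}")
            entries.append(tuple(fields))
    return header, entries

def effective(entries):
    """Mask limits named users, owning group and named groups, not owner/other."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    out = {}
    for tag, qual, perms in entries:
        if tag == "mask":
            continue
        masked = tag == "group" or (tag == "user" and qual != "")
        out[(tag, qual)] = "".join(
            c if c != "-" and (not masked or c in mask) else "-" for c in perms)
    return out

def non_owner_writers(text):
    """Entries other than the owner/owning group with effective write access."""
    _, entries = parse_getfacl(text)
    return sorted(f"{t}:{q}" for (t, q), eff in effective(entries).items()
                  if "w" in eff and (q or t == "other"))
```

On the sample this reports `group:dteam`; with the mask changed to `r--` the same entry becomes read-only and nothing is reported.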