Hi Chris
On 26 July 2012 21:52, Christopher J. Walker <[log in to unmask]> wrote:
> On 25/07/12 14:41, Sam Skipsey wrote:
>>
>> On 25 July 2012 12:14, Ewan MacMahon<[log in to unmask]> wrote:
>>>>
>>>> -----Original Message-----
>>>> From: GRIDPP2: Deployment and support of SRM and local storage
>>>> management
>>>> [mailto:[log in to unmask]] On Behalf Of Jens Jensen
>>>> Sent: 25 July 2012 10:00
>>>>
>>>> OTOH you may actually want to protect the file from being read by joe
>>>> random certificate user. We may need to figure this out before the VOs
>>>> will be keen on us providing https interfaces?
>>>>
>>> Would the apache gridsite plugin help here? Doesn't it have some
>>> ability to do VO membership based stuff?
>>>
>>
>> Indeed. DPM's WebDAV implementation uses the gridsite plugin to do
>> precisely this at present.
>
>
>
> What StoRM does is that the storm user owns files, but gives extended posix
> acls to them.
>
> So, for example:
> [root@se01 dteam]# pwd
> /mnt/lustre_0/storm/dteam
>
> [root@se01 dteam]# getfacl testfilescs10M
> # file: testfilescs10M
> # owner: storm
> # group: storm
> user::rw-
> group::---
> group:tomcat:r--
> group:dteam:rw-
> mask::rwx
> other::---
>
> Which means that users in group dteam can read (and write) the file (and we
> probably ought to squash the latter, but that's another problem).
>
> Ignoring StoRM's https support for the moment, could GridSite be used to
> give https/webdav read access to files?
Assuming you mean "can I just run an apache server that exposed the
lustre filesystem, and use gridsite to handle the authentication", I
don't see why not. I've not thought about this for more than 10
seconds, though.
Sam
>
> Chris
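Added example, not part of the original messages and not StoRM or GridSite code: a Python parser for the getfacl listing quoted above that applies the ACL mask and reports which entries other than the file owner end up with write access. The sample text is the listing from the thread; the function names are illustrative assumptions.

```python
# Constructed sample: the getfacl listing quoted in the thread.
SAMPLE = """\
# file: testfilescs10M
# owner: storm
# group: storm
user::rw-
group::---
group:tomcat:r--
group:dteam:rw-
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (header dict, [(tag, qualifier, perms)]) for one file's access ACL."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition(": ")
            header[key] = value
        elif line and not line.startswith("default:"):
            # getfacl may append a "#effective:..." comment; drop it.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, perms))
    return header, entries

def effective(entries):
    """Apply the mask, which limits named users, the owning group and named groups."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    result = {}
    for tag, qual, perms in entries:
        if tag == "mask":
            continue
        if tag == "group" or (tag == "user" and qual):
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        result[(tag, qual)] = perms  # owner (user::) and other:: are not masked
    return result

def non_owner_writers(entries):
    """Entries other than the file owner whose effective permissions include write."""
    return sorted(f"{tag}:{qual}" if qual else tag
                  for (tag, qual), perms in effective(entries).items()
                  if "w" in perms and not (tag == "user" and not qual))

if __name__ == "__main__":
    header, entries = parse_getfacl(SAMPLE)
    print(header["file"], "owner:", header["owner"])
    print("write access beyond the owner:", non_owner_writers(entries))
```

With the listing from the thread this reports group:dteam as the only non-owner writer; with a mask of r-- the same entries would leave dteam with read access only.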