Manage access¶
Access is controlled (via the Web interface):
- to the ENTIRE project via the -writers
and readers
egroups
- to individual folders (and their sub-folders) via the Authenticated Share method in CERNBox (in a Web browser)
All the folders of the project can be shared by Authenticated Share and Link Share by members in the
-admins
e-group ONLY. The user (who is in -admins egroup) logs into his/her CERNBox, goes to the project in 'Your projects', and can then share a file/folder. The user (who is in -admins egroup) can only see the shares that he/she did. To see the shares done by other admins, you should go to LXPLUS, see below.
Check (via LXPLUS) which e-groups and users have access to the project space¶
Admins for the project can check who can access the project space by running the following commands on LXPLUS:
-
Login with the Service Account, or your own account (if you are an admin for the project space).
-
Run the command:
eos root://eosproject.cern.ch attr ls /eos/project/<initial>/<project-name>/<path-to-folder>
Example:
[swanee@lxplus701 ~]$ eos root://eosproject.cern.ch attr ls /eos/project/s/swanee/plots
sys.acl="egroup:cernbox-project-swanee-readers:rx,egroup:cernbox-project-swanee-writers:rwx+d,u:99090:rwx+d"
sys.allow.oc.sync="1"
sys.eos.btime="1584701732.657186956"
..
..
It is possible to define the EOS_MGM_URL=root://eosproject.cern.ch variable beforehand. In which case, you would not need root://eosproject.cern.ch in the EOS command.
In the example above:
- "egroup:cernbox-project-swanee-writers:rwx+d" means that users in this e-group can read, write, execute and delete files/folders in this folder
- "egroup:cernbox-project-swanee-readers:rx" means that users in this e-group can read files/folders in the folder
- "u:99090:rwx+d" means that the user with userid '99090' can read, write, execute, delete files/folders in the folder. The user was shared this folder using the Web interface.
To find out which user has userid '99090', use the command "getent passwd
$ getent passwd 99090
ebocchi:*:99090:2763:Enrico Bocchi,31 2-010,+41227674203,:/afs/cern.ch/user/e/ebocchi:/bin/bash