Skip to content

Manage access

Access is controlled (via the Web interface): - to the ENTIRE project via the -writers and readers egroups - to individual folders (and their sub-folders) via the Authenticated Share method in CERNBox (in a Web browser)

All the folders of the project can be shared by Authenticated Share and Link Share by members in the -admins e-group ONLY. The user (who is in -admins egroup) logs into his/her CERNBox, goes to the project in 'Your projects', and can then share a file/folder. The user (who is in -admins egroup) can only see the shares that he/she did. To see the shares done by other admins, you should go to LXPLUS, see below.

Check (via LXPLUS) which e-groups and users have access to the project space

Admins for the project can check who can access the project space by running the following commands on LXPLUS:

  • Login with the Service Account, or your own account (if you are an admin for the project space).

  • Run the command: eos root://eosproject.cern.ch attr ls /eos/project/<initial>/<project-name>/<path-to-folder>

Example:

[swanee@lxplus701 ~]$ eos root://eosproject.cern.ch attr ls /eos/project/s/swanee/plots sys.acl="egroup:cernbox-project-swanee-readers:rx,egroup:cernbox-project-swanee-writers:rwx+d,u:99090:rwx+d" sys.allow.oc.sync="1" sys.eos.btime="1584701732.657186956" .. ..

It is possible to define the EOS_MGM_URL=root://eosproject.cern.ch variable beforehand. In which case, you would not need root://eosproject.cern.ch in the EOS command.

In the example above: - "egroup:cernbox-project-swanee-writers:rwx+d" means that users in this e-group can read, write, execute and delete files/folders in this folder - "egroup:cernbox-project-swanee-readers:rx" means that users in this e-group can read files/folders in the folder - "u:99090:rwx+d" means that the user with userid '99090' can read, write, execute, delete files/folders in the folder. The user was shared this folder using the Web interface.

To find out which user has userid '99090', use the command "getent passwd "

$ getent passwd 99090 ebocchi:*:99090:2763:Enrico Bocchi,31 2-010,+41227674203,:/afs/cern.ch/user/e/ebocchi:/bin/bash