Mail from Stefan Dietrich, April 9th with a proposed solution from DESY-IT.
It's entirely on me that I have not looked into this yet, I just haven't found the time.
Hello David,
in the last NUC you reported problems with the handling of the group directories on DUST. There is a
solution available to solve those issues. Instead of normal unix mode bits, NFS4 ACLs can be used.
NFS4 ACLs allow setting up inheritance, so that every directory/file can be modified by a unix group.
Users create files as usual and do not have to take care of setting up umask or calling chmod. Data of
expired accounts stays managable that way, too.
Amfora supports creation of group directories with ACLs for quite some time. It allows you to create a
new group directory and configure the initial (!) ACLs based on a template for specific group(s). This will fit
to your use-case.
After some internal discussion, we would propose the following:
- Pick one of your pending group dirs as a real test candidate
- You create a new UNIX group in the AF-ATLAS namespace of the registry
- You create a new group directory with ACLs via Amfora*
- Users can start to create data in new group dir
- If necessary: adjust ACL template until all problems solved
- After test: create remaining group dirs in the same way
For the existing group directories, a manual conversion to use ACLs is possible as well.
This can be discussed after the tests are successful.
Please let me know, if this sounds reasonable for you.
Regards,
Stefan
*can also be done from our side or together via Cisco + screen sharing
