You might be able to use CAS callouts. CAS should let you make more
fine-grained read/write permissions than the GridFTP server alone.
See http://www.globus.org/toolkit/docs/4.0/security/cas/admin-index.html
for some details on setting up CAS. It might make a little
more sense if you also look at http://www.globus.org/toolkit/docs/4.0/security/cas/user-index.html
In the end it might mean you need to modify Gridsphere, though, since
you'd need to use cas-proxy-init and cas-wrap as described in the user
guide.
Charles
On Jun 16, 2008, at 11:24 PM, Michael Link wrote:
GridFTP uses the same permissions that the user would normally have
when logged in to the system. There is no way to restrict a user
to his own home directory currently, but if filesystem permissions
were set appropriately they could certainly be restricted from write
access to anything else. Read access is probably harder to prevent
with this method, as at the least the gridftp/globus binaries would
live outside the home dir and the user would need read access to
these.
Mike
[EMAIL PROTECTED] wrote:
Dear gt-user ...
I want to ask about how to restrict user access in GridFTP. I want
users to have write and read access only in their home directories and
not above it via GridFTP. Is that possible? And how? I have implemented
Gridsphere+GridPortlet/VineToolkit, and users can browse the root
directory with GridFTP.
Thanks.
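
An added example, not part of any message in this thread: since GridFTP acts with the local account's permissions, this sketch audits which paths outside a user's home directory the mode bits would still let that account write. The function names and the sample tree are constructed for illustration; it checks only classic owner/group/other bits on each path and ignores ACLs, read-only mounts and parent-directory search permission.

```python
import os
import stat
import tempfile


def mode_allows_write(st, uid, gids):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_outside_home(root, home, uid, gids=frozenset()):
    """List paths under root, outside home, that the mode bits let (uid, gids) write."""
    home = os.path.realpath(home)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.realpath(dirpath) == home:
            dirnames[:] = []          # the home directory is allowed; do not descend
            continue
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue              # a symlink's own mode bits are not meaningful
            if mode_allows_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_demo_tree():
    """Constructed sample layout: a private home, a read-only dir, a world-writable dir."""
    root = tempfile.mkdtemp()
    layout = {"home": 0o755, "home/alice": 0o700, "etc": 0o755, "shared": 0o777}
    for rel, mode in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        os.chmod(os.path.join(root, rel), mode)
    for rel, mode in {"etc/app.conf": 0o644, "shared/drop.txt": 0o666}.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(os.path.join(root, rel), mode)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    other_uid = os.getuid() + 1       # hypothetical account that owns nothing here
    print(writable_outside_home(demo, os.path.join(demo, "home/alice"), other_uid))
```

On a real host, pass `/` (or each exported filesystem) as `root` together with the grid-mapped account's uid and group ids; an empty result means the mode bits grant that account no write access outside its home.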