Hi Michael,

This is exactly the type of thing I'd like to do but I would like to do it on a per-user basis. We have a desire to decouple the access control of our data archive system (which will be accessible via GridFTP) from the unix file system access control. I would therefore like to be able to call out to a module or service that specifies a restricted path for each authenticated user.

Ally Hume
Software Architect
EPCC, The University of Edinburgh

On 22 Jan 2014, at 22:39, Michael Link <[email protected]> wrote:

> Hi Ally,
>
> GT 5.2 has a path restriction feature that can do what I think you're asking.
> See '-restrict-paths' here:
> http://toolkit.globus.org/toolkit/docs/5.2/5.2.5/gridftp/admin/#commandlineoptions-server
>
> For instance, the configuration '-restrict-paths RW~/,R/data' would enable
> read/write access to the user's home directory and read access to the /data
> directory, while denying all other paths.
>
> If that doesn't fit your needs, can you give some examples of what you'd like
> to do?
>
> Mike
>
> On 1/22/2014 6:23 AM, Ally Hume wrote:
>> Does anybody know of a way to perform GridFTP's file permission
>> authorization using a call out to an external component rather than simply
>> mapping users to a unix user and relying on the unix file permissions to
>> handle the authorization? Ideally I'd like for the call out service to be
>> able to specify a restricted set of folders from all the folders that the
>> unix user has permissions to access.
>>
>> Is this type of thing possible with GT5? I've seen hints of people trying
>> to do something like this with GT4 but I'm not sure if this is possible with
>> the latest version.
>>
>> Regards,
>>
>> Ally Hume
>> Software Architect
>> EPCC, The University of Edinburgh

--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
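
The following is an added sketch, not part of the original thread and not GridFTP's own code. It models the decision described above for '-restrict-paths RW~/,R/data': listed prefixes grant read and/or write, everything else is denied. The function names, the home directory /home/ally, the sample paths and the purely lexical matching rule are assumptions made for illustration.

```python
import posixpath


def parse_restrict_paths(spec, home):
    """Parse a spec such as 'RW~/,R/data' into [(root, {modes})].

    A leading '~' is expanded to `home` (assumed to be the mapped user's home).
    """
    rules = []
    for entry in spec.split(","):
        entry = entry.strip()
        modes = set()
        while entry and entry[0] in "RW":
            modes.add(entry[0])
            entry = entry[1:]
        if entry.startswith("~"):
            entry = home + "/" + entry[1:]
        if not modes or not entry.startswith("/"):
            raise ValueError("bad restrict-paths entry")
        # Collapse duplicate slashes and trailing slashes in the rule root.
        rules.append((posixpath.normpath("/" + entry.lstrip("/")), modes))
    return rules


def is_allowed(rules, path, mode):
    """Return True if `mode` ('R' or 'W') is granted on absolute `path`.

    Matching is lexical only: '..' is collapsed before comparison, but
    symlinks are not resolved (a real server has to account for those).
    """
    if not path.startswith("/"):
        return False
    norm = posixpath.normpath("/" + path.lstrip("/"))
    for root, modes in rules:
        prefix = root.rstrip("/") + "/"
        # Match on a path-component boundary so /database is not /data.
        if mode in modes and (norm == root or norm.startswith(prefix)):
            return True
    return False  # default deny for every path not listed


if __name__ == "__main__":
    rules = parse_restrict_paths("RW~/,R/data", "/home/ally")
    # Constructed sample requests.
    for p, m in [("/home/ally/run1/out.dat", "W"), ("/data/set1", "W"),
                 ("/data/../etc/passwd", "R"), ("/database/x", "R")]:
        print(m, p, "->", "allow" if is_allowed(rules, p, m) else "deny")
```
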
