[saga-rg] Re: ISSUE 30

Andre Merzky andre at merzky.net
Thu Apr 27 12:02:39 CDT 2006 

Quoting [Andre Merzky] (Apr 20 2006):
> 
>   30) ACLs!
>       - Later, after we get input from the security area and GFS
>       - we actually got that input for files/name spaces, so that
>         should be done!
>       - OPEN, URGENT, MAJOR
>     
> We have, up to now, no security for files and logical files
> in the API.  Discussions at last GGF(s) showed that both
> security area and other groups like GFS and PE are unsure
> about the model to choose, but _all_ of them proposed to go
> for ACLs until there is something better available.  So the
> proposal is to do that.
> 
>   - Are there arguments against that?

None seen.  Earlier arguments have been that there too many
different ACL 'standards' around.  Well, we have to adjust
the spec if a different one emerges/dominates in GGF.


>   - Is someone willing to draft ACL for the API?
> 
> Dealine for this poll is in one week.  If nobody objects, we
> will go for ACLs.  Not sure who will work on it though.

Nobody objected.  So I added simple ACLs in the name space
package.

Code examples would be:


------------------------------------------------------------
  std::string dn_user  = "O=dutchgrid, O=users, O=vu, OU=cs, CN=Andre Merzky";
  std::string dn_group = "O=dutchgrid, O=users, O=vu, OU=cs, CN=*";

  // open file (default: Read only)
  saga::file f (url);

  // set ACL restrictions for file.  The ACL set is
  // performed with the permissions of the session context
  f.set_acl (dn_user,  saga::ACL_Read | saga::ACL_Write);
  f.set_acl (dn_group, saga::ACL_Read);

  // check if acl allow write with our current session
  // contexts
  if ( f.get_acl () & saga::ACL_Write )
  {
    saga::file f_2 (url, saga::ReadWrite);

    f_2.write ("data");
  }
------------------------------------------------------------

I don't have much experience with ACLs - so it would be
appreciated if someone more knowledgable could give feedback
if the above makes sense..

> Cheers, Andre

Cheers, Andre


-- 
"So much time, so little to do..."  -- Garfield

More information about the saga-rg mailing list