[saga-rg] Re: ISSUE 30
Andre Merzky
andre at merzky.net
Thu Apr 27 12:02:39 CDT 2006
Quoting [Andre Merzky] (Apr 20 2006):
>
> 30) ACLs!
> - Later, after we get input from the security area and GFS
> - we actually got that input for files/name spaces, so that
> should be done!
> - OPEN, URGENT, MAJOR
>
> We have, up to now, no security for files and logical files
> in the API. Discussions at last GGF(s) showed that both
> security area and other groups like GFS and PE are unsure
> about the model to choose, but _all_ of them proposed to go
> for ACLs until there is something better available. So the
> proposal is to do that.
>
> - Are there arguments against that?
None seen. Earlier arguments have been that there too many
different ACL 'standards' around. Well, we have to adjust
the spec if a different one emerges/dominates in GGF.
> - Is someone willing to draft ACL for the API?
>
> Dealine for this poll is in one week. If nobody objects, we
> will go for ACLs. Not sure who will work on it though.
Nobody objected. So I added simple ACLs in the name space
package.
Code examples would be:
------------------------------------------------------------
std::string dn_user = "O=dutchgrid, O=users, O=vu, OU=cs, CN=Andre Merzky";
std::string dn_group = "O=dutchgrid, O=users, O=vu, OU=cs, CN=*";
// open file (default: Read only)
saga::file f (url);
// set ACL restrictions for file. The ACL set is
// performed with the permissions of the session context
f.set_acl (dn_user, saga::ACL_Read | saga::ACL_Write);
f.set_acl (dn_group, saga::ACL_Read);
// check if acl allow write with our current session
// contexts
if ( f.get_acl () & saga::ACL_Write )
{
saga::file f_2 (url, saga::ReadWrite);
f_2.write ("data");
}
------------------------------------------------------------
I don't have much experience with ACLs - so it would be
appreciated if someone more knowledgable could give feedback
if the above makes sense..
> Cheers, Andre
Cheers, Andre
--
"So much time, so little to do..." -- Garfield
More information about the saga-rg
mailing list