The magic command to do this is:
# dpns-setacl -m d:g:atlas:rwx /dpm/gla.scotgrid.ac.uk/home/atlas/generated
(Your domain may vary...)
The intital "d" means "default" and ensures that this ACL is inherited by all newly created sub-directories (and the "g" means a "group" ACL).
I set this two days ago and found a friendly Melbourne ATLAS user (thanks Glen!) to help me test this - and it worked. In the 2007-02-07 directory, which had been created with the atlas/Role=lcgadmin group Glen was able to write a file as a normal ATLAS user.
So, the current situation for fixing up your DPM for ATLAS involves:
- Running the new script, which doesn't mess up the ACL owning user and group of the "root" directory - you can get than from http://www.physics.gla.ac.uk/~graeme/misc/update_acl_formysql.tar.gz.
- Then adding the additional ACL above to the generated directory.
Of course, you might just want to wait for some more complete fix to emerge from WLCG.
In addition, I have also raised the issue of the dq2 directory with ATLAS, but have yet to receive any response - so at the moment I haven't added any ACLs here.
1 comment:
If you ran the original UpdateACLForMySQL, then you also need to fix the broken ACL uid/gid on the "root" directory. To do this:
1. Use "dpns-ls -d /dpm/DOMAIN/home/atlas/{generated,dq2}" to get the correct uid/gid pair for these directories.
2. Do a "dpns-chown uid:gid" on these directories - this will reset the ACL uid:gid correctly.
3. Check it looks right with "dpns-getacl".
Post a Comment