Information and Communication Technologies Environment

Overleaf Collaborative Writing

FCC is using the Overleaf collaborative, web-based LaTeX writing tool for scientific and technical articles. Please consult the specific page for more information.

Twiki Access

The pages, called Topics in Twiki language, of the FCC Twiki site are by default publicly viewable.

Editing permissions for general pages on the FCC Twiki site are granted through membership of the fcc-twiki-editors egroup. For a complete documentation on access control, consult the Twiki documentation.

Access to certain pages (Topics) have to be restricted. Access restrictions is implemented through the CERN groups. To restrict the access to a Topic do the following:

1. Edit the page (you must have permission do to so)
2. Scroll to the very end of the page
3. Create a heading and access description contents, for instance at third level as follows

---+++ Access to this page

• Set ALLOWTOPICCHANGE = JohannesGutleber, <name of e-group>
• Set ALLOWTOPICVIEW = JohannesGutleber, <name of e-group>

IMPORTANT: Make sure that you do not lock out yourself, so make sure you enter an e-group of which you are part. You may also add an explicit Wiki username.

Multi language support in Twiki

The basis for making multilingual pages in the FCC Twiki is first in a language selection banner in the following topic

FCCNavigationMenu

Languages can be added in this banner as the project evolves.

The easiest setup of multilanguage pages is then to have a master page for a topic that contains only very limited and generic code and no specific data or information.

That code first loads the multilanguage banner and then loads auxiliary topics in the selected language.
Of course, we need to catch missing languages and if the auxiliary topic in the selected language does not exist, we state it in a friendly message.

Note also that we need to include the subtopics in raw form, i.e. with expansion of the variables in the main topic, not in subtopics.

The generic multilanguage code for ANY topic is the following

---

%INCLUDE{"FCCNavigationMenu"}%
%CALC{$IF($EXISTS(%TOPIC%%GET{ "SetGetPlugin-lang-%WIKINAME%" }%), $NOP(%)INCLUDE{"%TOPIC%%GET{ "SetGetPlugin-lang-%WIKINAME%" }%" raw="on" }$NOP(%),*Translation in this language is missing* %BR% *Traduction indisponible dans cette langue*)}%

---

Let us give an example.
Assume that you want to write a new topic called RandomThoughts.
In the topic page, i.e. the web page referenced under https://twiki.cern.ch/twiki/bin/view/FCC/RandomThoughts , you will simply place the few lines of generic code above.

The variable %TOPIC% expands to the topic name chosen, that is RandomThoughts, and the code will look for further pages or topics named respectively RandomThoughtsfrench , RandomThoughtsenglish etc...

In order to edit these auxiliary language specific topics, you can use the Twiki tools provided, for example by opening in your browser a page at the address https://twiki.cern.ch/twiki/bin/view/FCC/RandomThoughtsenglish
If the topic has already been created, you can edit it in the usual way. If the topic does not exist yet, you will get the option to create it.

In the language specific topics you can write regular Twiki code; there is no need to place special comments or sections. For example the topic RandomThoughtsenglish could look like

---

---+ Here are some random thoughts
---++ First some principles
---++ Then further ideas

---

Why don't you experiment with this RandomThoughts example ?
The topics RandomThoughts and RandomThoughtsenglish have been conveniently created and you can change them at will or create the other language specific topics.

Showing or hiding parts of a page

It might be useful to show or hide parts of a Twiki page. A plugin configured directly allows this with full documentation here.

The most basic form is :

---

%TWISTY{}%
One single paragraph here
%ENDTWISTY%

---

which gives

More... Close One single paragraph here

In order to show or hide a subsection, containing several paragraphs, other headers, etc. one can use :

---

---+++ Subsection title
%TWISTY{ mode="div" }%
The text and other material for the subsection...

And a subsubsection
---++++ Subsubsection...

%ENDTWISTY%

---

with the result below

Subsection title

CERNBOX File Shares

File Share and Contents

The following pages describe the different existing file shares and explain the folder usage.

• FCC Project File Share - click

• FCC GIS File Share- click

• FCC Geo Data File Share - to be done

Granting Access to CERNBOX File Shares

To access the project's file shares in CERNBOX either via a Web browser or via the client-side app, a person either needs to be member of an e-group or a folder must be explicitly shared with that person. Folders can also be shared with e-groups. Sharing can either be limited to read access or it can permit read and write access through the write permission.

ATTENTION: Creating a public link to a file for sharing project-internal information with specific persons is strongly discouraged! Anybody who has that link will be able to view that file.

ATTENTION: Sharing folders in a project file share when logged in as an ordinary user with particular permissions is strongly discouraged. In this case, the created file share link will be owned by that person and cannot be altered or removed by anybody else. When sharing project folders with people and groups, always log in with the FCC office service account fccoff.

Access to the entire file share:

In order to "see" the project folder when you log in with your personal computer account in the menu "Your projects" in the cernbox web page, you need to be part of one of the following groups:

E-group	File share	Description
cernbox-project-fccproject-admins	/eos/project/f/fccproject	read, write and administration permissions on fccproject
cernbox-project-fccproject-readers	/eos/project/f/fccproject	read access to the entire fccproject tree
cernbox-project-fccproject-writers	/eos/project/f/fccproject	write access to the entire fccproject tree
cernbox-project-fcc-gis-admins	/eos/project/f/fcc-gis	read, write and administration permissions on fcc-gis
cernbox-project-fcc-gis-readers	/eos/project/f/fcc-gis	read access to the entire fcc-gis tree
cernbox-project-fcc-gis-writers	/eos/project/f/fcc-gis	write access to the entire fcc-gis tree
cernbox-project-fccgeo-admins	/eos/project/f/fccgeo	read, write and administration permissions on fccgeo
cernbox-project-fccgeo-readers	/eos/project/f/fccgeo	read access to the entire fccgeo tree
cernbox-project-fccgeo-writers	/eos/project/f/fccgeo	write access to the entire fccgeo tree
cernbox-project-fcc-gis-dev-admins	/eos/project/f/fcc-gis-dev	read, write and administration permissions on fcc-gis-dev
cernbox-project-fcc-gis-dev-readers	/eos/project/f/fcc-gis-dev	read access to the entire fcc-gis-dev tree
cernbox-project-fcc-gis-dev-writers	/eos/project/f/fcc-gis-dev	write access to the entire f cc-gis-dev tree
cernbox-project-fcc-gis-uat-admins	/eos/project/f/fcc-gis-uat	read, write and administration permissions on fcc-gis-uat
cernbox-project-fcc-gis-uat-writers	/eos/project/f/fcc-gis-uat	read access to the entire fcc-gis-uat tree
cernbox-project-fcc-gis-uat-readers	/eos/project/f/fcc-gis-uat	write access to the entire fcc-gis-uat tree
cernbox-project-fcc-gis-prod-admins	/eos/project/f/fcc-gis-prod	read, write and administration permissions on fcc-gis-prod
cernbox-project-fcc-gis-prod-readers	/eos/project/f/fcc-gis-prod	read access to the entire fcc-gis-prod tree
cernbox-project-fcc-gis-prod-writers	/eos/project/f/fcc-gis-prod	write access to the entire fcc-gis-prod tree
cernbox-project-fcc-civil-engineering-admins	/eos/project/f/fcc-civil-engineering	read, write and administration permissions on fcc-civil-engineering
cernbox-project-fcc-civil-engineering-readers	/eos/project/f/fcc-civil-engineering	read access to the entire fcc-civil-engineering tree
cernbox-project-fcc-civil-engineering-writers	/eos/project/f/fcc-civil-engineering	write access to the entire cc-civil-engineering tree

ATTENTION: It takes about 24 hours from adding a person or account to an e-group and the appearance of the project folder in the persons cernbox personal web page. If after 24 hours the person does not see the project file share under "Your projects", please contact the service desk with an incident request and keep the person in copy.

Please note that in many cases, access to the entire tree is not appropriate. Therefore, this approach should only be used for core-project members.

Access to sub-trees of the file share: Project members typically require access to subtrees only. To share with a single person or with a group of people, log in using the project-specific service account.

Next, navigate to "Your projects". You should now see all the project folders that this service account manages (2 projects in the example shown below).

Next, navigate to the folder that you wish to share. Click on the sharing icon (the three dots that are connected by 2 lines). A menu will appear to the right that shows with which persons and e-groups this folder is already shared.

Adding a name in the text field will start a search in the CERN user account database from which you can then select a username for sharing.

The search will also include all e-groups as shown below.

When you select the person name or e-group name, it will be added to the file share. The system will create a link that you can copy and send by mail or put on a web page. When you click "Send mail", the person or e-group will be notified with that link.

To delete a file share, click on the waste basket.

A folder may already be shared with an e-group. In this case, it is sufficient to add the person who should have access to the e-group only. You need to copy the link and send the link to the person, otherwise the person will not know how to access the folder. The person should also log into the personal cernbox web page and look at the folder by clicking on the menu item "Shared with you".

Accessing CERN's Computers and File Storage

How to create a remote desktop connection to a PC or virtual machine at CERN

You can request access to a machine at CERN using the following link: https://remotedesktop.web.cern.ch/remotedesktop/

Click "Manage your remote desktop to access from outside CERN".

In the window enter the name of the PC or virtual machine as registered at CERN. Select your primary CERN account.

Do not download the .rdp file produced on the web page immediately, but wait until you receive an e-mail from Remote Desktop Service.

Then save the .rdp file attached to the email locally and use it to connect.

Enter your CERN NICE account, possibly with the domain, e.g. CERN\{your username} to connect.

How to Access LXPLUS

Access LXPLUS Create an ssh key pair

How to create a Secure Shell Key Pair for Login without Password

How to Access EOS Filesystems

FCC GIS Website

Site Access and Permissions

There exists a publicly accessible website for serving information and Web applications that concern the FCC Geographical Information System.

The site main page can be reached at http://cern.ch/fcc-gis-data or also using http://fcc-gis-data.web.cern.ch.

The site files are placed in /eos/project/f/fcc-gis/www.

Access to this fileshare is controlled with the egroups cernbox-project-fcc-gis-readers, cernbox-project-fcc-gis-writers and cernbox-project-fcc-gis-admins.

Moderators can manage the site using CERN's webservices interface.

The site is protected using CERN's Single Sign On ( SSO) authentication and authorisation system. In particular the subfolder requiring authentication will host a file called .htaccess that lists egroups whose members will have access to the entire site:

SSLRequireSSL # The modules only work using HTTPS
AuthType shibboleth
ShibRequireSession On
ShibRequireAll On
ShibExportAssertion Off

Require valid-user
Require ADFS_GROUP "egroup1" "egroup2"

Folder and File Organisation

Web applications and individual sub folders can be created in the top folder. For Web applications, versioning is encouraged so that in case of updates a new folder is created for a new version:

/fcc-gis/www/myapplication/v0100 points to the files and code of the released version V1.0 of the application.
/fcc-gis/www/myapplication/v0101 points to the files and code of the in work version V1.1 of the application.
/fcc-gis/www/myapplication/v0200 points to the files and code of the released version V2.0 of the application.
/fcc-gis/www/myapplication/released is a logical link created with ln -s to the folder of the currently released version folder.
/fcc-gis/www/myapplication/latest is a logical link created with ln -s to the folder of the latest version folder, which can be a released version or an in work version.

Accessing fcc-gis remotely

The EOS file share can be accessed remotely using

• cernbox

Install the cernbox client, create a local folder called fcc-gis in your home directory and add the remote path eos/project/f/fcc-gis to synchronise to the local fcc-gis folder.

You may consider to deselect some of the subfolders that potentially have a large number of files or large files or folders that you don't use (e.g. incoming, www).

• WebDAV

You can access the remote folder on your local computer in a way similar to a local folder without synchronisation (no use of local disk space) using the WebDAV protocol. Instructions on how to do that can be found in the cernbox user manual. NOTE: WebDAV is not a true filesystem. Therefore it may be slow.

• Web browser

You can access the project folder through the URL https://cernbox.cern.ch/index.php/apps/files/?dir=/__myprojects/fcc-gis if you are in the access list of the entire project. Otherwise, a specific folder may have shared with you and you can access the folder by putting the URL in the Web browser's address line.

• Using sshfs

You can access the remote folder on your local computer in a way similar to a local folder without synchronisation (no use of local disk space) using the sshfs protocol. This system uses a secure filte transport protocol (sftp) to make the remote file share look like a local folder on your computer.

First, you need to install the FUSE software on your computer. For instance for Apple Mac OSX you can install FUSE for macOS.

You need to create a local folder fcc-gis in your home directory first.

% mkdir fcc-gis
% sshfs -o defer_permissions <cern username>@lxplus.cern.ch:/eos/project-f/fcc-gis/ ~/fcc-gis

NOTE: Remote changes are not visible locally until you "refresh" the folder (e.g. open/close the folder) in which the file change happened. You can play with the cache settings of sshfs to improve the experience, but potentially at the cost of loosing performance. For instance, the option -o auto_cache triggers a local refresh as soon as FUSE detects a change in the file size or file date. More information can be found on the sshfs Wiki.

Write access to EOS folder for web applications

If a web application needs to write to an eos folder, the permission needs to be set through the cernbox.cern.ch web interface. Go to the folder that the web application needs to write to and share the folder with user a:wwweos. Full documentation can be found on the IT department's cernbox pages.

Permissions for Twiki pages

TBD. List to be provided by PeteJones

• PagePermissions

-- SylvainGirod1 - 2022-11-07