LFC WLCG home >
LFC operations
Changing the ACL on a tree of directories
What you need
You need three things from the user:
-
<DIR>
The top directory to change the permissions on
-
<ROLE>
The Role to be added. For instance atlas/Role=production or lhcb/lhcbprod
-
<LFCHOST>
The host which runs the lfc daemon for the VO
Finding the names of the directories
Before performing the changes one has to find the names of the directories affected. This should be done using the binary
lfc-find tool. For performance reasons it is better to run this command on the LFC host itself. You have to be careful as this entails running the command as root.
- Log on the host
- export the environmental variable $LFC_HOST
#export LFC_HOST=`hostname`
- source the grid environment
#source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.sh
#afs/cern.ch/project/gd/SC3/lfc-find/lfc-find <DIR> -type d | tee -a ./directories.out
Changing the ACL
For each directory you need to run the set-acl command. It is recommended to have a log file, as it is an easy way to determine the time of the last entry made in the catalogue.
#export LFC_LIST_FILE=directories.out
#export LFC_LOG_FILE=`echo ${LFC_LIST_FILE} | cut -f 1 -d.`.log
#for dir in `cat ${LFC_LIST_FILE}` ; do /opt/lcg/bin/lfc-setacl -m
g:<ROLE>:rwx,m:rwx,d:g:<ROLE>:rwx,d:m:rwx ${dir} >> ${LFC_LOG_FILE} 2>&1 ; echo $dir >> ${LFC_LOG_FILE} ; done
Checking that everything went fine
Check that last entry in the log file of the LFC corresponds to the last entry you were supposed to change, i.e. the last entry in the
${LFC_DIR_FILE}
. For instance, try to determine the time of the last entry (e.g. timestamp of the log file from the setacl for loop in the step above) and check in the log file (look for last "setacl") which directories it corresponds to.
Changing the ACL on all files within a directory
What you need
You need three things from the user:
-
<DIR>
The top directory to change the permissions on
-
<ROLE>
The Role to be added. For instance atlas/Role=production or lhcb/lhcbprod
-
<LFCHOST>
The host which runs the lfc daemon for the VO
Finding the names of the files
Before performing the changes one has to find the names of all the files inside the directory affected. This should be done using the binary
lfc-find tool. For performance reasons it is better to run this command on the LFC host itself. You have to be careful as this entails running the command as root.
- Log on the host
- export the environmental variable $LFC_HOST
#export LFC_HOST=`hostname`
- source the grid environment
#source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.sh
#afs/cern.ch/project/gd/SC3/lfc-find/lfc-find <DIR> -type f | tee -a ./file_names.out
Changing the ACL
#export LFC_LIST_FILE=file_names.out
#export LFC_LOG_FILE=`echo ${LFC_DIR_FILE} | cut -f 1 -d.`.log
For each file you need to run the set-acl command
#for file in `cat $LFC_LIST_FILE`; do /opt/lcg/bin/lfc-setacl -m
g:<ROLE>:rw,m:rwx ${file} >> ${LFC_LOG_FILE} 2>&1 ; echo $file >> ${LFC_LOG_FILE} ; done
Checking that everything went fine
- Check that the number of lines in the log file is the same as the number of lines in the file listing the entries to change
wc -l $LFC_LIST_FILE
wc -l $LFC_LOG_FILE
- Check the LFC log file. For instance you can check that the last entry in the log file of the LFC corresponds to the last entry you were supposed to change, i.e. the last entry in the
${LFC_DIR_FILE}
. For instance, try to determine the time of the last entry (e.g. timestamp of the log file from the setacl for loop in the step above) and check in the log file (look for last "setacl") which files it corresponds to.
-- Main.diana - 26 Oct 2006