If the DN of a user changes:

If the DN of a user changes, what does the LFC/DPM admin have to do, so that the user can still access her files ?

Solution:

The steps to follow are:

  • Check if the user's new DN has already been registered automatically in the LFC/DPM (it is the case if he has used the LFC with his new DN at least once...):
       -- To get the old and possible new 'owner_uid'
       select * from Cns_userinfo where username IN ('<old_DN>', '<new_DN>');
       

If the user's new DN doesn't appear in Cns_userinfo

The steps to follow are:

  • Find out the virtual UID of the old DN. You need to query the database for this:
       select * from Cns_groupinfo where username='<old_DN>';
       

  • We modify the user name to the new one:
       /opt/lcg/bin/lfc-modifygrpmap --uid <old_UID> --group '<new_username>'
       

If the user's new DN appears in Cns_userinfo

  • Check if the user has already registered any file with the new DN
       -- Check if he/she has files
       SELECT count(*) FROM Cns_file_metadata WHERE owner_uid=<the new owner_uid>;
       

  • If there are files registered for the new DN, we do:
    • Get the files and paths from the DB:
            SELECT lpad(' ', 2*level-1) || SYS_CONNECT_BY_PATH(name, '**') "Path" 
            FROM Cns_file_metadata
            WHERE owner_uid=<new_owner_uid>
            START WITH parent_fileid=0
            CONNECT BY PRIOR fileid = parent_fileid;
            
    • And we put all these in a file files.sql that we modify with vim to convert the '*' to '/'. So inside vim we type:
            :%s/\*\*/\//g
            
    • Now we set all those files to the owner_uid of the old_DN:
            for i in `cat files.sql`; do /opt/lcg/bin/lfc-chown <the_old_owner_uid> $i; done
           
    • Then, we delete from the DB the owner_uid of the new DN:
             /opt/lcg/bin/lfc-rmusrmap --uid <new_owner_uid>
            
    • And finally, we modify the user mapping to make the old owner_uid point to the new DN:
            /opt/lcg/bin/lfc-modifyusrmap --uid <old_owner_uid> --user '<new_DN>'
            

  • If there are no files registered for the new DN, it's more simple. We just do the two last steps:
    • We delete from the DB the owner_uid of the new DN:
             /opt/lcg/bin/lfc-rmusrmap --uid <new_owner_uid>
            
    • We modify the user mapping to make the old owner_uid point to the new DN:
            /opt/lcg/bin/lfc-modifyusrmap --uid <old_owner_uid> --user '<new_DN>'
            

If the name of a group/VO changes:

If the name of a group/VO changes, what does the LFC/DPM admin have to do, so that the permissions remain correct ?

Solution:

The steps to follow are:

  • Find out the virtual GID of the old group. You need to query the database for this:
       select * from Cns_groupinfo where groupname='<old_groupname>';
       

  • We modify the group name to the new one:
       /opt/lcg/bin/lfc-modifygrpmap --gid <old_GID> --group '<new_groupname>'
       

Help !

If this page doesn't help, contact helpdesk@ggusNOSPAMPLEASE.org (remove the NONSPAM !).

-- SophieLemaitre - 12 Oct 2007

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2007-10-12 - SophieLemaitre
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback