Opened 9 years ago
Closed 9 years ago
#863 closed task (fixed)
Secondary analysis scripts should set permissions on created files in ProjectArchive
Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | major | Milestone: | Reggie v4.3 |
Component: | net.sf.basedb.reggie | Keywords: | |
Cc: |
Description (last modified by )
This is related to #864.
Files generated on the project archive file server by secondary analysis scripts should by default only be readable/writable by the user. If a Case can be found that has Consent=Yes the permission on the generated files can be changed so that the group has read permission as well. Permissions on directories should follow the same pattern, but they also need "execute" permission.
After investigating the umask
command (https://en.wikipedia.org/wiki/Umask) it seems like this would be relatively simple by including just one line at the beginning of the script:
umask 0077
orumask -S u=rwx,g=,o=
if there is no consentumask 0027
orumask -S u=rwx,g=rx,o=
if there is a consent
New files should then automatically be created with correct permissions.
Change History (6)
comment:1 by , 9 years ago
Description: | modified (diff) |
---|
comment:2 by , 9 years ago
Description: | modified (diff) |
---|
comment:3 by , 9 years ago
Milestone: | Reggie v4.x → Reggie v4.3 |
---|---|
Status: | new → assigned |
comment:4 by , 9 years ago
comment:5 by , 9 years ago
(In [3793]) References #863: Secondary analysis scripts should set permissions on created files in ProjectArchive
Added a utility method ScriptBuilder.setUmaskForItem()
to make it easy to always include this in generated scripts.
The align and cufflinks jobs now also set the umask.
The job script and other files that are uploaded as input to the job (eg. bardcode files for the demux) are set to private (in StringSourceFile
).
Stdout and stderr are still readable by everyone. I guess that is controller by the Open Grid and I haven't been able to find anything about any setting to change this.
comment:6 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
(In [3792]) References #863: Secondary analysis scripts should set permissions on created files in ProjectArchive
Added support in
ScriptBuilder
for settingumask -S u=rwx,g=,o=
to to make sure files are created as private by default. All jobs should use this setting.The
DemuxJobCreator
will try to load the parent case and check the consent. If it is set toYes
it will change toumask -S u=rwx,g=rx,o=
.