Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#864 closed task (fixed)

Implement a service that check and update file permission in ProjectArchive

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: major Milestone: Reggie v4.3
Component: net.sf.basedb.reggie Keywords:


This is related to #863.

The secondary analysis scripts will not give read permission to files unless Consent=Yes. Since the consent is usually not received until the samples have been processed we need a way to update the file permissions once the consent has been changed.

A service should be implemented that at regular intervals (every 24h?) check the file permission in the project archive and compare against the consent stored on the related Case item in BASE. Any mismatches should be fixed. It should be possible to both remove and add permissions.

Change History (5)

comment:1 by Nicklas Nordborg, 8 years ago

Executing the following command

find <project-archive> -printf '%m %y %P\n'

will output a list with file paths, permission and type ('d' or 'f').

775 d 5506067.1
775 d 5506067.1/l.r.m.c.lib.g
664 f 5506067.1/l.r.m.c.lib.g/5506067.1.l.r.m.c.lib.g_fragmentsize.txt
664 f 5506067.1/l.r.m.c.lib.g/5506067.1.l.r.m.c.lib.g_R1.fastq.gz
664 f 5506067.1/l.r.m.c.lib.g/5506067.1.l.r.m.c.lib.g_R2.fastq.gz
775 d 7700635.1
775 d 7700635.1/l.r.m.c.lib.g
664 f 7700635.1/l.r.m.c.lib.g/7700635.1.l.r.m.c.lib.g_fragmentsize.txt
664 f 7700635.1/l.r.m.c.lib.g/7700635.1.l.r.m.c.lib.g_R1.fastq.gz
664 f 7700635.1/l.r.m.c.lib.g/7700635.1.l.r.m.c.lib.g_R2.fastq.gz

The result should be easy to parse and compare the current permissions with the consent information in BASE. Basically we only have to load the specimen names for all cases that has Consent=Yes. This can be done in a single query.

If the permission for a file/directory doesn't match we include a chmod command per file/directory in a script file that is executed on the server. This means that we only change permission when they actually need to be changed which should prevent any issues with triggering a backup for unchanged files.

The permissions should be:

  • Consent=Yes: file=640, directory=750
  • No consent: file=600, directory=700

comment:2 by Nicklas Nordborg, 8 years ago

Milestone: Reggie v4.xReggie v4.3
Status: newassigned

comment:3 by Nicklas Nordborg, 8 years ago

(In [3802]) References #864: Implement a service that check and update file permission in ProjectArchive

I think this should be working now.

The ProjectArchiveService should run once every two hours. It starts by loading all specimen names that belongs to a case with consent=Yes.

Then, it lists all files in the project archive together with the current access permissions. The first part of the file path should correspond to the specimen name. The current permissions are then compared aginst the expected permission depending on if the specimen is found in the list of known specimen with consent=Yes.

If the permissions don't match a chmod command is generated and included in a script that is used to update the file permissions.

comment:4 by Nicklas Nordborg, 8 years ago

Resolution: fixed
Status: assignedclosed

comment:5 by Nicklas Nordborg, 8 years ago

(In [3845]) References #864: Implement a service that check and update file permission in ProjectArchive

Trigger a permission check in the project archive when there is a known change in consent information.

Note: See TracTickets for help on using tickets.