How to stop users writing something on top directory of DFC?

[zhangxiaomei]

Our DFC is configured with "FullSecurityManager" and dirac_admin is given the right to manage. All the directories under /juno are in good control, but some new users are still able to create their own directories directly under the top "/" . How to prevent this? If I am correct, I don't see solutions from documents.

[zhangxiaomei]

create a issue for that: #6229

[sfayer]

Hi,

Have you tried setting the permissions on the "/" directory? There is no simple way to display the current permissions, but you can set them in the dirac-dms-filecatalog-cli with something like chmod 755 /. This is what we're using in GridPP to prevent this (although we only use the DirectorySecurityManager: I imagine FullSecurityManager behaves the same).

You can get the current permissions directly from the database, I think the root dir is always the directory with ID 1 (note that this shows the mode flags in decimal whereas chmod uses octal):

MariaDB [FileCatalogDB]> select * from FC_DirectoryInfo where DirID = 1;
+-------+-----+-----+---------------------+---------------------+------+--------+
| DirID | UID | GID | CreationDate        | ModificationDate    | Mode | Status |
+-------+-----+-----+---------------------+---------------------+------+--------+
|     1 |   0 |   0 | 2015-04-14 15:41:05 | 2022-06-30 09:31:38 |  509 |      0 |
+-------+-----+-----+---------------------+---------------------+------+--------+

Regards,
Simon

[zhangxiaomei]

It works, thank you very much!
Andrei said it is a bug and asked me to create an issue for it.