Globus Curator's Guide: Difference between revisions

Introduction

Here will be the instructions on how to maintain globus.

Notes

• For any restrict path's to work in the Guest Collections, the main collection needs to have either the same or broader path to be allowed.
• The main collection is currently private. Only the admins can have access to it.

Updating Path Permissions for the Guest Collection

1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links

   readlink -f <symlink>

2. Become root in epyc
   1. Go to /root/globus

   cd /root/globus

3. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error):

   vim storage_gateway_path_restriction.json

   1. Here is an example of what it should look like

      {
          "DATA_TYPE": "path_restrictions#1.0.0",
          "none": ["/"],
          "read": [
      	    "/nfs/ex3/published",
      	    "/nfs/exe/work/jji/2dexport",
      	    "/nfs/exe/work/jji/3d-zinc20",
      	    "/nfs/exl/zinc-22a",
      	    "/nfs/exl/zinc-22b",
      	    "/nfs/exl/zinc-22c",
      	    "/nfs/exc/zinc-22n"
          ],
          "read_write":[
      	    "/nfs/mammoth/idg-images/newAmisData"
          ]
      }

4. Create a session token with globus. (Cluster 2 Password, ucsfbks)

   globus-connect-server session update ucsfbks@globusid.org

5. Follow instructions given by globus and it should tell you that it was successful
6. In the same directory, run this command to update

   bash globus-storage-gateway.sh update

7. This is the successful message

   Message: Updated Storage Gateway aa731fb1-b27a-49e6-aaeb-2d2cc252f779

Updating Path Permissions for the Main Collection

1. Identify the real paths of the permission denied paths. Globus doesn't follow symbolic links

   readlink -f <symlink>

2. Become root in epyc
   1. Go to /root/globus

   cd /root/globus

3. Insert and save the real paths at the end of this file (check commas for syntax or you'll get an error):

   vim path_restrictions.json

   1. Here is an example of what it should look like

      {
          "DATA_TYPE": "path_restrictions#1.0.0",
          "read": [
              "/"
          ],
          "read_write": [
              "/nfs/mammoth/idg-images/newAmisData/"
          ]
      }

4. Create a session token with globus. (Cluster 2 Password, ucsfbks)

   globus-connect-server session update ucsfbks@globusid.org

   • If above doesn't work, run below and follow instructions. (Cluster 2 Password, ucsfbks)

    globus-connect-server login localhost

5. Follow instructions given by globus and it should tell you that it was successful
6. In the same directory, run this command to update

   globus-connect-server collection update --sharing-restrict-paths file:path_restrictions.json 2e1e1781-6d8a-440a-8604-7100d9c65c90

7. This is the successful message

   code: success

Modify Guest Collection Read and Write Permissions in Globus Website

If a user needs to write, make sure only they are allowed to write in their given directory. Otherwise you can risk random users to write whatever they want.

1. Log into globus.org using Globus ID as user ucsfbks (Cluster 2 Password, ucsfbks)
2. On the left sidebar, click on Collections
3. In the top center of the page, click on Administered By You
4. Then click on UCSF BKS Lab Guest Collection
5. On the top left, click on the Permissions tab
6. Top right, click on the Add Permissions -- Share With button.
7. Fill in the form and double check that you have the right user and check that you have allowed them to write in the given directory.
8. At the end, before you create the new permission rule, the form should look like below