Commit a0ca658d authored by Giuseppe Lo Presti

Update access-to-project-space.md

parent abedb323
# Manage access # Manage access
Access is controlled (via the **Web interface**): Access is controlled (via the **Web interface**):
- to the ENTIRE project via the `-writers` and `readers` egroups
- to individual folders (and their sub-folders) via the Authenticated Share method in CERNBox (in a Web browser) * to the ENTIRE project via the `cernbox-project-<projectname>-writers` and `-readers` e-groups (you can check their membership at https://egroups.cern.ch).
* to individual folders (and their sub-folders) via the Authenticated Share method in CERNBox (in a Web browser).
> All the folders of the project can be shared by Authenticated Share and Link Share by members in the `-admins` e-group ONLY. > All the folders of the project can be shared by Authenticated Share and Link Share by members in the `-admins` e-group ONLY. This group includes by default the service account that was designated when creating the project space, which owns all its files.
> The user (who is in -admins egroup) logs into his/her CERNBox, goes to the project in 'Your projects', and can then share a file/folder. > The admin user logs into his/her CERNBox, goes to the project in 'Your projects', and can then share a file/folder.
> The user (who is in -admins egroup) can only see the shares that he/she did. To see the shares done by other admins, you should go to LXPLUS, see below.
## Check (via LXPLUS) which e-groups and users have access to the project space ## Check (via LXPLUS) which e-groups and users have access to the project space
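Review bot: the old-side line "The user (who is in -admins egroup) can only see the shares that he/she did. To see the shares done by other admins, you should go to LXPLUS, see below." has no counterpart on the new side, so the page no longer says that the Web interface shows an admin only their own shares. That limitation is the reason the LXPLUS check in the next section exists; suggest keeping one sentence to that effect in the quoted note block, so that someone auditing access knows the Web view is incomplete. Minor: the writers group is now spelled out as `cernbox-project-<projectname>-writers` while `-readers` and `-admins` stay abbreviated; writing all three the same way would remove the ambiguity.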
...@@ -15,36 +15,35 @@ Access is controlled (via the **Web interface**): ...@@ -15,36 +15,35 @@ Access is controlled (via the **Web interface**):
- Login with the Service Account, or your own account (if you are an admin for the project space). - Login with the Service Account, or your own account (if you are an admin for the project space).
- Run the command: - Run the command:
``` ```
eos root://eosproject.cern.ch attr ls /eos/project/<initial>/<project-name>/<path-to-folder> eos root://eosproject.cern.ch attr ls /eos/project/<initial>/<project-name>/<path-to-folder>
``` ```
Example: Example:
![](../../assets/images/project-attr-2.png) ![](../../assets/images/project-attr-2.png)
```[swanee@lxplus701 ~]$ eos root://eosproject.cern.ch attr ls /eos/project/s/swanee/plots ```
[swanee@lxplus701 ~]$ eos root://eosproject.cern.ch attr ls /eos/project/s/swanee/plots
sys.acl="egroup:cernbox-project-swanee-readers:rx,egroup:cernbox-project-swanee-writers:rwx+d,u:99090:rwx+d" sys.acl="egroup:cernbox-project-swanee-readers:rx,egroup:cernbox-project-swanee-writers:rwx+d,u:99090:rwx+d"
sys.allow.oc.sync="1" sys.allow.oc.sync="1"
sys.eos.btime="1584701732.657186956" sys.eos.btime="1584701732.657186956"
.. ..
..``` ```
It is possible to define the EOS_MGM_URL=root://eosproject.cern.ch variable beforehand. In which case, you would not need root://eosproject.cern.ch in the EOS command. It is possible to define the EOS_MGM_URL=root://eosproject.cern.ch variable beforehand. In which case, you would not need root://eosproject.cern.ch in the EOS command.
In the example above: In the example above:
``` * `egroup:cernbox-project-swanee-writers:rwx+d` means that users in this e-group can read, write, execute and delete files/folders in this folder
- "egroup:cernbox-project-swanee-writers:rwx+d" means that users in this e-group can read, write, execute and delete files/folders in this folder * `egroup:cernbox-project-swanee-readers:rx` means that users in this e-group can read files/folders in the folder
- "egroup:cernbox-project-swanee-readers:rx" means that users in this e-group can read files/folders in the folder * `u:99090:rwx+d` means that the user with userid `99090` can read, write, execute, delete files/folders in the folder. The user was shared this folder using the Web interface.
- "u:99090:rwx+d" means that the user with userid '99090' can read, write, execute, delete files/folders in the folder. The user was shared this folder using the Web interface.
```
To find out which user has userid '99090', use the command "getent passwd <userid>" To find out which user has userid `99090`, use the command `getent passwd <userid>`
``` $ getent passwd 99090 ```
$ getent passwd 99090
ebocchi:*:99090:2763:Enrico Bocchi,31 2-010,+41227674203,:/afs/cern.ch/user/e/ebocchi:/bin/bash ``` ebocchi:*:99090:2763:Enrico Bocchi,31 2-010,+41227674203,:/afs/cern.ch/user/e/ebocchi:/bin/bash ```
```
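Review bot: the `getent passwd 99090` example output, together with the `u:99090` ACL entry it resolves, keeps what reads as a real account's login, full name, office and phone number in the documentation; suggest swapping in an obviously fictitious user and uid while this block is being re-fenced. Also, the bullet for `egroup:cernbox-project-swanee-readers:rx` explains `rx` as "can read" only, whereas the `rwx+d` bullets spell out every flag, so the `x` should be described there too. `EOS_MGM_URL=root://eosproject.cern.ch` in the sentence before the list is still plain text although the rest of the hunk moves inline commands into backticks.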