Request: Change group on file

[nsc-jens]

We are trying to set up dcache-view as a general file access method for Swestore. There are a few things in the web GUI that we miss.

It would be very handy if a user that belongs to multiple groups would be able to change group on
a file or directory the user owns (you can’t change your ownership to someone else). If this is done on a directory, it would be nice if it would be recursive.

[paulmillar]

Hi Jens,

Although I believe I understand the motivation here, I'm not sure about changing ownership of an existing file. That normally requires superuser privileges; e.g., sudo chown ...

Instead, perhaps another way of tackling this would be to allow a user to control the group-ownership when uploading files. Existing files could be handled by the admin as a one-off corrective behaviour.

Does this sound reasonable alternative?

[nsc-jens]

Exactly. You can't change ownership of a file as a regular user. I'm asking for a way to change the group on the file (when the user belongs to several groups). Ownership must be modified by the dCache superuser on request.

In the typical case we have set "g+s" on the directory which makes the uploaded files inherit the group of the directory. This works as intended in most cases, but if the user, for example, moves an entire directory tree between to project directories the destination files will belong to the wrong group (and thus accounted on the wrong project).

I don't really know how this could be implemented in the GUI. I haven't given it that much though. Changing a single file or directory might be implemented by some context menu with a list of possible groups, but what about recursive stuff and multiple (thousands) of files. Perhaps that is another request to the dCache super user?

[paulmillar]

Just to double-check I understand the use-case here correctly:

Projects have their own portion of the namespace: a subtree where all files and directories are specific to that project. Projects also have a specific group or gid.

Directories permissions are configured so that uploaded files inherit their parent directory's group-owner (g+s). A file's or directory's group-ownership is used to authorise people in the same project.

This works fine, provided the files and directories aren't moved outside of a project area.

If files and directories are moved to a different project's subtree then the moved files will have the "wrong" ownership for their new location, because the group-ownership inheritance only happens when the file is uploaded.

So, it is desirable that, when files and directories are moved to a different project area the moved content's group-ownership should (somehow) be updated to match their new location.

Does this describe the situation?

[nsc-jens]

I think the description is correct, but perhaps the conclusion misses the mark a bit.

I don't think automatically modifying the GID on a file when it's moved is a good idea. That is not how a regular file system work and I think there is some value in trying to make dCache appear as one as far as it's possible.

(As a side note, we do map each user to her personal UID (jens) and GID (jens), which is different from the project directory GID (testproj). The PI that requested the storage owns the project directory but all files in it has the UID of of the creator and the GID of the project. In general the permissions on the project directory is set to 2770 to make it possible for all users in the project to read and write all files and to ensure that the group ownership of the file is set correctly.)

So a method to change the GID between "jens" and "testproj" is what I'm looking for. For example when I'm moving files from one project directory to another.

[paulmillar]

OK, good.

The "(somehow)" was meant to indicate that the desired behaviour could happen in many different ways. For example:

• user selects directories to move, moves them, selects the files/directories in their new location, selects update-group-owner, selects the correct, new group-owner.
• user selects directories to move, moves them, selects the files/directories in their new location, selects "update to inherited group-owner".
• user selects directories, selects "Advanced move", ticks the "inherit group-ownership" box, selects "OK" button.
• user selects directories, selects move (the files appear automatically with the correct group-ownership).
  ...

Another point, just to be clear, this ticket is specifically about user-interaction; i.e., "what the user sees". It has no direct impact on how dCache-view is interacting with dCache. How this is implemented is a separate issue.

Finally, the other (big) question is about consistency: what should happen if the files/directories are moved by some other means; e.g., through the WebDAV, FTP, NFS, etc. Isn't there a similar requirement there? We would need to support a chown-like command where users can change their group-ownership throughout dCache.

[nsc-jens]

Finally, the other (big) question is about consistency: what should happen if the files/directories are moved by some other means; e.g., through the WebDAV, FTP, NFS, etc. Isn't there a similar requirement there? We would need to support a chown-like command where users can change their group-ownership throughout dCache

Yes. It's the same thing with other interfaces. In fact, perhaps I want to solve a problem in dcache-view that happens due to interactions done by other means. It has been a long standing issue that seeing and modifying groups and permissions has been difficult. Especially since this might not even be exposed in other protocols and clients. The trouble is of course that if the protocol doesn't support it (chgrp, chmod) or the clients doesn't support it, it's a steep hill to climb to get it in there and deployed everywhere. /jens