We're Hiring!

Changing default file permissions of ManagedRepository

Having a problem deploying OMERO? Please ask new questions at https://forum.image.sc/tags/omero
Please note:
Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero

The OMERO.server installation documentation begins here and you can find OMERO.web deployment documentation here.

Changing default file permissions of ManagedRepository

Postby rpoehlmann » Wed Mar 04, 2015 2:31 pm

Hi all,

quick question about default file permissions used by OMERO to write image data into the "ManagedRepository" which resides on a NFS mounted NAS volume.

A page within the Developer Documentation describing the OMERO security concept https://www.openmicroscopy.org/site/support/omero5.0/developers/Server/SecuritySystem.html mentions a default of 755:

... comparable to a umask of 755 on Unix.


Note aside: I assume you mean actual permissions of 755, because a umask of 755 does not really make any sense?

However, within our ManagedRepository I can see actual permissions of "770" instead:

Code: Select all
[root@bc2-omerodev01 ~]# ls -l /export/omero/OMERO/ManagedRepository/poehlman_2/
total 64
drwxrwx--- 4 omeronas omeronas 32768 Nov 11 17:36 2014-11
drwxrwx--- 3 omeronas omeronas 32768 Jan 14 23:05 2015-01


Can this be changed to 750 (or 755) and, if yes, how/where?

Many thanks in advance, best regards,
-Rainer
User avatar
rpoehlmann
 
Posts: 42
Joined: Thu Feb 09, 2012 2:04 pm

Re: Changing default file permissions of ManagedRepository

Postby jmoore » Wed Mar 04, 2015 2:37 pm

Hi Rainer,

before answering this, can you explain what you're trying to achieve? Just being careful, since other than inplace import, there should be no reason to write to the ManagedRepository.

Cheers,
~Josh.
User avatar
jmoore
Site Admin
 
Posts: 1591
Joined: Fri May 22, 2009 1:29 pm
Location: Germany

Re: Changing default file permissions of ManagedRepository

Postby rpoehlmann » Wed Mar 04, 2015 3:53 pm

Hi Josh,

sure, no problem.

This particular ManagedRepository for OMERO will reside on a high-performance file-system directly connected to a HPC cluster. The idea is that a user who depends on an HPC environment for downstream image analysis can use the OMERO API to request the file-path for his/her OMERO managed files and can then directly access (of course read-only!) his/her files on the file system within the ManagedRepository for further analysis.

To ensure read-only direct file access, the group should only have "r-x" permissions. The OMERO user and the HPC user will be in the same group.

We are currently testing this kind of setup on our OMERO DEV environment to see if this would be feasible setup to also convince HPC user to put their data into OMERO and to omit intermediate copying steps for data transfer from the ManagedRepository to the high-performance file-system.

Does this make sense?

Cheers,
-Rainer
User avatar
rpoehlmann
 
Posts: 42
Joined: Thu Feb 09, 2012 2:04 pm

Re: Changing default file permissions of ManagedRepository

Postby jmoore » Wed Mar 04, 2015 5:10 pm

Thanks for the info, Rainer. Sounds very interesting.

rpoehlmann wrote:To ensure read-only direct file access, the group should only have "r-x" permissions. The OMERO user and the HPC user will be in the same group.


The OMERO server user should be fine with those permissions. Once you've modified the directory permissions recursively, and set the sticky flag, the key will be starting the server with the right group / umask to keep newly create directories in files in sync with your policy.

Depending on how far along you are with importing your data, an alternative would be to use the in-place import functionality, and leave the original data where it is outside the managed repository.

Happy to work through either of those uses with you here on the forums.

All the best,
~Josh.
User avatar
jmoore
Site Admin
 
Posts: 1591
Joined: Fri May 22, 2009 1:29 pm
Location: Germany


Return to Installation and Deployment

Who is online

Users browsing this forum: No registered users and 1 guest