Access control lists

It is possible to restrict write access to the FATMEN catalogue using an ACL file. The ACL file consists of 3 fields.

  1. User name
  2. Node name
  3. Path name

Any of the fields may be wild-carded. When an update operation is attempted, FATMEN checks the username, nodename and pathname against those defined in the file FATMEN.ACL. This file resides in the directory or on the mini-disk containing the catalogue for which the update is being attempted. Thus, in the case of the CDF experiment, the file will be in the directory pointed to by the symbol or variable FMCDF.

Lines beginning with an exclamation mark, an asterix, a hash or slash asterix treated as comments.

                      Example of an ACL file
                                  

/*              FATMEN.ACL file for CDF experiment at Fermilab         */
! ! !
! ! ! CDF FATMEN Superusers: can modify any directory
! ! !
LINGFENG * //FNAL/CDF
! ! !
! ! ! CDF FATMEN Test users: can modify the subtree //FNAL/CDF/FATMEN
! ! !
CDF_FATM * //FNAL/CDF/FATMEN
! ! !
! ! ! CDF FATMEN General users: can modify  tree.
! ! ! e.g. FRODO can modify //FNAL/CDF/USERS/FRODO
! ! !
 * //FNAL/CDF/USERS/
! ! !
! ! ! CDF FATMEN General users: user ID does not match user name:
! ! !
GPYEH * //FNAL/CDF/USERS/YEH
! ! !
! ! ! CDF FATMEN TOP group Superusers:
! ! !
GPYEH * //FNAL/CDF/TOP
! ! !
! ! ! CDF FATMEN TOP DILEPTON subgroup Superusers:
! ! !
LUC * //FNAL/CDF/TOP/DILEPTON
CHIKA * //FNAL/CDF/TOP/DILEPTON
CENYI * //FNAL/CDF/TOP/DILEPTON