Permissions of collection object

irods-contrib / metalnx-web

Metalnx Web Application

https://metalnx.github.io/

BSD 3-Clause "New" or "Revised" License

36 stars 36 forks source link

Permissions of collection object #352

Open ll4strw opened 1 year ago

ll4strw commented 1 year ago

Hello, I am testing the latest version of metalnx and I get a permissions discrepancy between what I see on the server via icommands and what it is displayed by metalnx. For instance

 # ils -A ../baaa/Data -d

/Zone/home/baaa/Data:
        ACL - baaa#Zone:own   ks#Zone:read_object   
        Inheritance - Disabled

and

metalnx

Is this the desired behavior? Thanks in advance.

korydraughn commented 1 year ago

That looks like a bug.

What version of iRODS are you running Metalnx against?

ll4strw commented 1 year ago

iRODS v4.3.0 and metalnx v2.6.1

trel commented 1 year ago

I bet this is because metalnx hasn't yet learned about the change from 'read object' to 'read_object' in 4.3.0.

And probably also 'modify object' -> 'modify_object'.

ll4strw commented 1 year ago

@trel That makes sense.

In fact my iRODS server logs report

"request_release_version": "rods3.2"

upon initiating a connection.

PS: how does metalnx use the following credentials in metalnx.properties? Are there any background admin ops that the app performs? Are there any docs about? Thanks.

irods.admin.user=xxx
irods.admin.password=xxx

korydraughn commented 1 year ago

I'm not sure, but my guess is that there may be background processes running within the Metalnx server that require admin level privileges. Some operations offered by Metalnx may also require temporary escalation of privileges as well.

NFSRODS does a similar thing, so it isn't uncommon to find admin credentials in iRODS software.

ll4strw commented 1 year ago

I am just wondering..clearly many admin ops can also be performed if an admin logs in via the web interface..

trel commented 1 year ago

yes, metalnx caches many things in its own database and does so via admin credentials. there is also a background 'jobs' process - you can find it in the metalnx.properties file - also requires rodsadmin.

we are planning to remove the database (#214) as part of 3.0.0 - and therefore may metalnx a pure client, no admin requirements.

LyneVdV commented 2 months ago

I have the same issue with the permissions displayed in metalnx not matching the icommands ils -A results for collections. Except for the owners, metalnx always displays "NONE" for the other users while in fact permissions can be write or read. Good thing: if you modify the permission in metalnx, the change does matter and you can see the change using the ils -A icommands. Each time you refresh the metalnx web page, the permission of users (except for the owners) retruns to "NONE". Seems like a "reading permission" issue for the read and write only. Note that it works well for objects, I only see the issue with collections.

Any lead on a solution ? Thanks in advance :)

I am using iRODS 4.3.1, and I don't know my metalnx version (how/where can I get it ?).

korydraughn commented 2 months ago

We're currently preparing for our annual UGM and working on the release of iRODS 4.3.2.

At the very least, there won't be a fix for this until after 4.3.2 is released.

LyneVdV commented 2 months ago

Ok thank you !