raw data directory-level permissions #28
Assignees
Comments
|
Purely for the record: I think I tried this in the past and for a reason I can't recall it was more trouble than it was worth. If nothing else it is worth testing and documenting why it is a pain, even if we don't end up implementing it. |
|
I am testing this as an addition to PR #41. I can say that removing user-write before the backup is triggered would significantly increase the algorithmic complexity of the code, if it worked at all. However if it is done at the last possible moment before the backup, then I think it will work. Still needs operational testing. |
|
Closed by #41. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the raw data files have write permissions removed even from the desi-user owner to prevent accidental updates (good). However the directories themselves still have user write permission, meaning that the desi user could accidentally delete files or add files to raw data directories that are supposed to be frozen. I suggest that we remove write permission from all past directories, and update desitransfer to remove write permission from each new night just before it backs it up to HPSS. That way we have to be very purposeful about any future updates and are more safe from accidental deletions.
The text was updated successfully, but these errors were encountered: