Voms2gacl
From GridSiteWiki
The Python script voms2gacl creates .gacl files by contacting a VOMS server and writing a .gacl that lists the members of a VOMS group or role. It is especially useful for restricting access from non-VOMS-enabled clients to .gacl-enabled services.
The obvious use case is adding .gacl files to a GridSite-enabled web server where you wish to restrict page views with a web browser to members of a VO.
ReadMe
voms2gacl Steve Traylen <steve.traylen@cern.ch>
This utility can be used for creating .gacl files containing a list of DNs that are contained within a voms group or role.
To use the command:
voms2gacl --help
voms2gacl: Converts a .voms2gacl file to a .gacl file
voms2gacl -h Print this help
voms2gacl [-v] [ -d directory ] [ -k hostkey.pem ] [ -c hostcert.pem ]
-v Enable verbose mode
-d directory Specify a directory to process.
Default directory is .
-k hostkey.pem Location of hostkey. Default /etc/grid-security/hostkey.pem.
-c hostcert.pem Location of hostkey. Default /etc/grid-security/hostcert.pem.
-t threshold Threshold, if a VOMS listing contains less than threshold users
the program exits. Designed to cope with broken VOMS servers. Default 0
or create a .voms2gacl file, e.g. /var/www/html/.voms2gacl
<?xml version="1.0"?>
<voms2gacl>
<entry>
<vomsserver>vomss://voms.cern.ch:8443/voms/atlas?/atlas/Role=production</vomsserver>
<allow><read/><write/></allow>
</entry>
<entry>
<vomsserver>vomss://voms.cern.ch:8443/voms/dteam?/dteam</vomsserver>
<allow><write/></allow>
</entry>
</voms2gacl>
This can then be processed with
voms2gacl -d /var/www/html
to create /var/www/html/.gacl file containing:
<?xml version="1.0"?>
<gacl version="0.0.1">
<entry>
<person><dn>/DC=org/DC=doegrids/OU=People/CN=Dan Schrager 614930</dn></person>
<allow><read/><write/></allow>
</entry>
<entry>
<person><dn>/DC=org/DC=doegrids/OU=People/CN=LEUNG FOOK CHEONG Annabelle 571152</dn></person>
<allow><read/><write/></allow>
</entry>
....
<entry>
<person><dn>/O=GermanGrid/OU=DESY/CN=Christoph Wissing</dn></person>
<allow><write/></allow>
</entry>
<entry>
<person><dn>/C=GR/O=HellasGrid/OU=uoa.gr/CN=Aristotelis Glentis</dn></person>
<allow><write/></allow>
</entry>
<entry>
<person><dn>/C=CH/O=CERN/OU=GRID/CN=Pal Anderssen 4660</dn></person>
<allow><write/></allow>
</entry>
</gacl>
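The mapping from .voms2gacl entries to per-DN .gacl entries, together with the -t threshold check, can be sketched as follows. This is an added example, not the voms2gacl source: the function and class names, the voms.example.org server and the member DNs are constructed, and the VOMS lookup is replaced by a dictionary of DN lists.

```python
import xml.etree.ElementTree as ET

ATLAS = "vomss://voms.example.org:8443/voms/atlas?/atlas/Role=production"
DTEAM = "vomss://voms.example.org:8443/voms/dteam?/dteam"

# Constructed .voms2gacl input in the format shown above (hypothetical server).
SAMPLE_CONFIG = f"""<voms2gacl>
<entry><vomsserver>{ATLAS}</vomsserver><allow><read/><write/></allow></entry>
<entry><vomsserver>{DTEAM}</vomsserver><allow><write/></allow></entry>
</voms2gacl>"""

# Constructed member DNs standing in for the VOMS server's replies.
SAMPLE_MEMBERS = {
    ATLAS: ["/DC=org/DC=example/CN=Alice Example 1", "/DC=org/DC=example/CN=R&D Robot"],
    DTEAM: ["/O=ExampleGrid/CN=Bob Example"],
}


class ThresholdError(Exception):
    """Raised when a listing has fewer members than the threshold."""


def build_gacl(config_xml, members, threshold=0):
    """Return .gacl text; raise before producing output if any listing is short."""
    gacl = ET.Element("gacl", version="0.0.1")
    for entry in ET.fromstring(config_xml).findall("entry"):
        url = entry.findtext("vomsserver", "").strip()
        dns = members.get(url, [])
        if len(dns) < threshold:
            # Treat a short listing as a broken server, as -t does: stop here
            # so the caller keeps its existing .gacl instead of a truncated one.
            raise ThresholdError(f"{url}: {len(dns)} < {threshold}")
        perms = [p.tag for p in entry.findall("allow/*")]
        for dn in dns:
            out = ET.SubElement(gacl, "entry")
            ET.SubElement(ET.SubElement(out, "person"), "dn").text = dn
            allow = ET.SubElement(out, "allow")
            for perm in perms:
                ET.SubElement(allow, perm)
    # ElementTree escapes &, < and > in DN text on serialisation.
    return '<?xml version="1.0"?>\n' + ET.tostring(gacl, encoding="unicode")


if __name__ == "__main__":
    print(build_gacl(SAMPLE_CONFIG, SAMPLE_MEMBERS, threshold=1))
```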
Releases
voms2gacl can be downloaded from http://hepunx.rl.ac.uk/~traylens/rpms/voms2gacl
- Version 1.0 Initial Release
- Version 1.1 Bug fix for -t option.
Cron Job
If you want a cron job to process your web documents, converting .voms2gacl to .gacl files, then a trivial one is:
find /var/www/html -name .voms2gacl -exec dirname {} \; | xargs -I {} voms2gacl -t 10 -d {}
