HWRF
trunk@4391
|
Handles data restriction classes. More...
Handles data restriction classes.
Implements access control mechanisms for NOAA data. Although this was written for the NOAA Restricted Data (rstprod), it can be used for general access control. It is also more general than NOAA, so long as one correctly initializes the produtil.cluster module. The mechanism used depends on the cluster, due to varying capabilities throughout. Some do not implement access control mechanisms that are usable for the restricted data (such as NOAA Jet). For those systems, RstNoAccessControl is raised if one attempts to restrict a file.
Classes | |
class | RestrictionClass |
This is a python class intended to be used to automate restricting data to a specific restriction class using access control lists or group ownership. More... | |
class | RstBadGroup |
Raised when a group's id or name could not be determined. More... | |
class | RstNoAccessControl |
Raised when the cluster has no access control mechanisms. More... | |
class | RstprodError |
The base class of all exceptions specific to the rstprod module. More... | |
Functions | |
def | acl_text_for_rstclass (groupname, mode) |
Generates the access control list for the specified restriction class (groupname) and nine bit access permissions (mode). More... | |
def | make_rstprod_tagger |
Creates the rstprod_tagger object for use by tag_rstprod. | |
def | tag_rstprod |
Places a file or directory under the rstprod restriction class. More... | |
Variables | |
list | __all__ |
List of symbols exported by "from produtil.rstprod import *". More... | |
okay_mode = stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR|\ | |
File permission bits (from the stat module) that are allowed to be set on restricted access data. More... | |
rstprod_tagger = None | |
The RestrictionClass object used for tag_rstprod. More... | |
def produtil.rstprod.acl_text_for_rstclass | ( | groupname, | |
mode | |||
) |
Generates the access control list for the specified restriction class (groupname) and nine bit access permissions (mode).
groupname | the restricted file unix group |
mode | required access mode (world access will be removed even if it is present in mode) |
Definition at line 37 of file rstprod.py.
Referenced by produtil.rstprod.RestrictionClass.make_acl_dict().
def produtil.rstprod.tag_rstprod | ( | target, | |
logger = None |
|||
) |
Places a file or directory under the rstprod restriction class.
This command will attempt to raise RstprodForbidden if it is run on a cluster that is not supposed to have rstprod data (only GAEA, Zeus and WCOSS are allowed).
This routine uses the approved rstprod protection mechanisms on each cluster:
Note that the NOAA Jet cluster is not allowed to contain restricted data, so this routine will raise RstprodForbidden on that cluster.
Definition at line 279 of file rstprod.py.
produtil.rstprod.__all__ |
List of symbols exported by "from produtil.rstprod import *".
Definition at line 14 of file rstprod.py.
produtil.rstprod.okay_mode = stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR|\ |
File permission bits (from the stat module) that are allowed to be set on restricted access data.
When Access Control List (ACL) based access control is used, the group bits refer to the rstprod's permissions in the ACL, rather than the owning group.
Definition at line 34 of file rstprod.py.
produtil.rstprod.rstprod_tagger = None |
The RestrictionClass object used for tag_rstprod.
Create this with make_rstprod_tagger
Definition at line 272 of file rstprod.py.