The dCacheSetup file contains a number of settings that may be adjusted to configure dCache's permission settings. These settings are described in this section.
The permissionHandler setting describes the Permission Handler chain that dCache will use. It contains a list of permission handlers that will form the chain. Valid permission handlers are diskCacheV111.services.acl.UnixPermissionHandler and diskCacheV111.services.acl.ACLPermissionHandler.
Not specifying a permissionHandler value is equivalent to specifying the UnixPermissionHandler.
No spaces
Remember when writing permissionHandler options that the value must be a single line, with no space before or after the separating comma.
Example 16.1. Only use Unix authorisation model
The following setting results in dCache using only the Unix authorisation model. The decision about whether an end user is authorised is based on file and directory ownership, group ownership, and the file or directory permissions:
permissionHandler=diskCacheV111.services.acl.UnixPermissionHandler
Example 16.2. Only ACLs authorisation model
Only the NFS v4 ACL authorisation model is used:
permissionHandler=diskCacheV111.services.acl.ACLPermissionHandler
Example 16.3. ACLs first, Unix as a fall-back
The ACL permissions are checked first. If ACLs do not state whether an operation is allowed or denied then Unix permissions are checked:
permissionHandler=diskCacheV111.services.acl.ACLPermissionHandler,diskCacheV111.services.acl.UnixPermissionHandler
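A lint check for the permissionHandler rules above, as an added example (not dCache's own code): it reads dCacheSetup text, reports a space next to the separating comma and any handler name other than the two listed here, and returns the Unix-only chain when the setting is absent. The key=value and '#' comment syntax, the function name and the sample text are assumptions.

```python
import re

UNIX = "diskCacheV111.services.acl.UnixPermissionHandler"
ACL = "diskCacheV111.services.acl.ACLPermissionHandler"
VALID_HANDLERS = {UNIX, ACL}   # the two handlers this page lists as valid


def check_permission_handler(setup_text):
    """Return (chain, problems) for the permissionHandler line of a dCacheSetup text.

    Assumption: settings are key=value lines and '#' starts a comment line.
    """
    problems, found = [], []
    for lineno, line in enumerate(setup_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # commented-out settings do not count
        m = re.match(r"\s*permissionHandler=(.*)$", line)
        if m:
            found.append((lineno, m.group(1)))
    if not found:
        return [UNIX], problems           # unset is equivalent to Unix only
    if len(found) > 1:
        problems.append("permissionHandler appears more than once; keep a single line")
    lineno, value = found[-1]             # assumption: lint the last occurrence
    if re.search(r"\s,|,\s", value):
        problems.append(f"line {lineno}: space before or after the separating comma")
    chain = [h.strip() for h in value.split(",")]
    for h in chain:
        if h not in VALID_HANDLERS:
            problems.append(f"line {lineno}: unknown permission handler {h!r}")
    return chain, problems


# Constructed sample input, not taken from a real installation.
SAMPLE_BAD = (
    "# ACL Configuration\n"
    f"permissionHandler={ACL}, {UNIX}\n"
)
SAMPLE_GOOD = f"permissionHandler={ACL},{UNIX}\n"

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD), ("unset", "")):
        print(name, check_permission_handler(text))
```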
In the ACL Configuration section of the dCacheSetup file, uncomment the variable aclConnUrl and replace the database name chimera in the URI with the name of the ACL database just created. If the database is hosted by a remote PostgreSQL instance then the host part of the URI (localhost in the default) must also be replaced.
If the database is aclpnfs and hosted by the PostgreSQL instance on machine db-server.example.org, the correct configuration line is
aclConnUrl=jdbc:postgresql://db-server.example.org/aclpnfs?prepareThreshold=3
Apply changes to all doors
The change must be applied to the dCacheSetup file on all doors. If the PostgreSQL instance hosting the database is on the same machine then localhost may be used.
Tip
Many sites can refer to a node using just the short name; for example, db-server instead of db-server.example.org in the above example.