• Views
  • Iteration Report
  • My Iteration Report
  •  
OMERO.server
  • Login
  • Help/Guide
  • About Trac
  • Preferences
  • Wiki
  • Timeline
  • Roadmap
  • Browse Source
  • View Tickets
  • Search

Context Navigation

  • ← Previous Ticket
  • Next Ticket →

Ticket #941 (new story)

Opened 5 months ago

Last modified 5 months ago

Add "trusted" capability to OMERO.fs

Reported by: jmoore Owned by: cblackburn
Priority: critical Milestone: 3.0-Beta4
Component: OmeroFs Version: 3.0-M1
Keywords: security, scripting Cc: callan, donald

Description (last modified by jmoore) (diff)

Currently to permit scripting it is necessary for an admin to upload a script as an OriginalFile. Trusted files need to be marked so that they are executable. For example, 

   ./omero.fs --add /usr/local/path/matlab --trusted

Change History

Changed 5 months ago by jmoore

  • cc donald added
  • keywords scripting added; omerofs removed
  • component changed from Scripting to OmeroFs
  • description modified (diff)

As discussed during a May 22 call, the most effective solution to this is to use user-mapping so that OS user X's maps to OMERO user X, and unknown OS user unknown to OMERO will not have their files made visible. The OmeroFs process would have to run as root.

For systems where such a mapping doesn't exist, would it make sense to enable "user" directories: 

   ./omero.fs --add /var/omero/users/X --mapto X

and any file that gets copied there belongs to user X. The permissions on the directory are then completely up to the sysadmin. OmeroFs will in most cases still need to be run as root.

Note: See TracTickets for help on using tickets.

Download in other formats:

  • Comma-delimited Text
  • Tab-delimited Text
  • RSS Feed
Trac Powered

Powered by Trac 0.11
By Edgewall Software.

Visit the Trac open source project at
http://trac.edgewall.org/