[tahoe-dev] Access control and permissions on a tahoe grid
Rufus Pollock
rufus.pollock at okfn.org
Mon Jun 15 09:36:08 PDT 2009
2009/6/12 Kevin Reid <kpreid at mac.com>:
> On Jun 12, 2009, at 13:59, Rufus Pollock wrote:
[...]
>> 1. Can you have a "Grid Administrator" (with root-style permissions)?
>>
>> As I understand it from the documentation the ability to do stuff with
>> objects is controlled by the capability URI you have. If you have a
>> readcap you can read, if you have the writecap you can write etc.
>> Furthermore, these capability URIs are created when the object is
>> created and made available /to the creator/.
>>
>> In our setup we want people to be able to "donate" nodes to the grid.
>> At the same time there needs to be some way to monitor/control what
>> people upload (the aim is to store open data of general interest not
>> someone's personal backups or their CD collection) and we also want to
>> ensure not just anyone can come and delete objects.
>
> You don't need a root, a read-write-everything user, and you can't get it in
> Tahoe, by design, anyway. What you want is storage accounting, which once
> implemented will allow you to define and subdivide permissions to use
> specified amounts of space.
>
> http://allmydata.org/trac/tahoe/browser/docs/proposed/accounting-overview.txt
Yes, I'd already read that, but I hadn't thought of your suggested way
of using this to validate/monitor usage of the grid by users that you
propose in the next paragraph.
> To implement your "data of general interest" policy, you could provide
> someone with a storage authority which permits them to use U+A bytes, where
> A is the margin for uploading new files, and U is the total size of files
> which they have published links to in your catalog (directly or indirectly
> by a Tahoe directory) which have been reviewed as being of general interest.
That seems like a neat idea. Does the accounting system allow you to
"identify" the owner of a given share/file? If so that might be enough
for what we want.
>> 2. How do you control who can join a grid?
>>
>> Is there any way to configure my node only to talk to these other
>> nodes? Given that new nodes join a grid via an introducer I wondered
>> if there were some way to use the introducer for this function. (E.g.
>> I have to be given a token which I pass to the introducer in order
>> to be "allowed in")
>
> What do you wish to accomplish by this, and why?
>
> - Restricting downloading of files/view directories?
No, we are happy for everything to be world-readable (in fact we want
to force that).
> - Restricting uploading of new files?
More along these lines.
[...]
Rufus