====================
Managing permissions
====================

This page explains the admin commands used to manage user permissions.


Checking file ownership
=======================

To verify that all files in the ``/opt/wakari/anaconda`` directory are owned
by the ``wakari`` user or group:

.. code-block:: bash

    root@server # find /opt/wakari/anaconda \! -user wakari -print
    root@server # find /opt/wakari/anaconda \! -group wakari -print


Fixing file ownership settings
==============================

To fix the ownership settings of any files that are listed in the output:

.. code-block:: bash

    chown -R wakari:wakari /opt/wakari/anaconda


Setting a file owner and permissions
====================================

To set a file owner and set its permissions:

.. code-block:: bash

   chown wakari:wakari /opt/wakari/wakari-server/bin/wk-*
   chmod 700 /opt/wakari/wakari-server/bin/wk-*


Verifying that POSIX ACLs are enabled
=====================================

The ``acl`` option must be enabled on the file system that contains the project
root directory.

NOTE: By default, the project root directory is ``/projects``.

To determine the project root directory where a custom ``projectRoot`` is
configured:

.. code-block:: bash

   root@compute # grep projectRoot /opt/wakari/wakari-compute/etc/wakari/config.json

The ``mount`` options or default options listed by ``tune2fs`` should
indicate that the ``acl`` option is enabled.

EXAMPLE:

.. code-block:: bash

   root@compute # fs=`df /projects | tail -1 | cut -d " " -f 1`
   root@compute # mount | grep $fs
   /dev/vda on / type ext4 (rw)
   root@compute # tune2fs -l $fs | grep options
   Default mount options:    user_xattr acl
