|
Size: 4264
Comment:
|
Size: 5353
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 8: | Line 8: |
| To share data within an institute or a research group (both ETH-/ ITET-internal only) in a safe manner, a so called ''project account'' is the easiest way. | To share data among multiple users within a laboratory or a research group (both ETH-/ ITET-internal only) a ''project account'' should be ordered from ISG.EE (support@ee.ethz.ch). |
| Line 10: | Line 10: |
| A project account is associated with storage space (including backup) and a list of project members that can access this data. All files at this location allow read/ write access to all project members by default. Right access is handled through UNIX rights: the location of the storage space and sub folders belong to this dedicated project UNIX account and to its dedicated group all project members are a member of. By default the user's umask of all members is set so that all new files are accessible for group members and closed to others. | A project account is associated with a secure storage space (including backup) and a virtual group of project members who are granted to access the project data. The files stored under the project account are accessible by all project members by default. Access rights are handled through project group membership and the individual file/ directory permissions. Technically, all files in the project account belong to the same UNIX group (project group). The default the access permissions of new files or directories ("umask") are set in a way that allows all (and only) project group members read and write access to these files. Consequently, a user who is not a member of the project group corresponding to that project account, will not be able to access the project's files. |
| Line 12: | Line 12: |
| == Organizational/ technical overview == | |
| Line 13: | Line 14: |
| == Organizational/technical Overview == Some facts about ''project accounts'': * an independent UNIX account in the D-ITET/TARDIS environment |
Facts about ''project accounts'': * an independent UNIX account in the D-ITET/ TARDIS environment |
| Line 20: | Line 20: |
| * distinct group (itet-isg-<projectname>) * data access via group membership * D-ITET/TARDIS account needed for membership |
* project account specific project group (itet-isg-<projectname>) * data access via project group membership * A D-ITET/ TARDIS ''user account'' is required to work with project accounts |
| Line 24: | Line 24: |
| == Project owner == Each project is owned by a personal D-ITET/ TARDIS account. The owner, as person in charge, is our contact person. |
|
| Line 25: | Line 27: |
| == Project Owner == Each project is owned by a personal D-ITET/TARDIS account. The owner, as person in charge, is our contact person. |
== Project group == Each project account has its own project group, i.e. itet-isg-<projectname>. A user who wants to access the project's data must have set his/ her user account as a member in the project group. The project's owner determines who is permitted to become a project member of that group. Only valid D-ITET/ TARDIS accounts can become a member of a project account. To share data with people from other ETH organizations, a D-ITET ''guest account'' must be ordered first by the technical contact (IT coordinator) of the D-ITET institute involved. |
| Line 28: | Line 30: |
| == Data access == By default, the project data can be accessed in read/ write manner by all project group members via NFS and Samba (in parallel). Since access to data in the project account is permitted via project group membership of regular user accounts, the password of the project account itself is not required to be known to the project members. If needed for maintenance purposes, the project account's password can be handed over to the project owner. That password must not be shared with the project members or anybody else. |
|
| Line 29: | Line 33: |
| == Project Group == Each project account has its own group, i.e. itet-isg-<projectname>. To access the project's data a group membership is necessary. The project's owner determines who is permitted to become a project member. Only valid D-ITET/TARDIS accounts can become a member of a project account. To share data with people from other ETH organization a D-ITET guest account must be ordered first by the technical contact (IT coordinator) of the D-ITET institute involved. |
== Project share overview: itet-stor == The [[https://computing.ee.ethz.ch/Workstations/FindYourData|itet-stor]] share provides an overview of all project accounts you are allowed to access and also is a comfortable entrance point to the (often various) project directories. The itet-stor share's information is built on a regular user account basis, i.e. it shows all project (and some other) storage resources a regular user is allowed to access. Thus, you must access the itet-stor share with '''your username''' in the path, e.g. `\\itet-stor\zdavis`, but not with the name of a project account (the latter won't work, e.g. `\\itet-stor\<projectname>` does not exist). |
| Line 32: | Line 36: |
== Data Access == As a standard setup the project data can be accessed read/write by all project members via NFS and Samba (in parallel). Since the access is permitted via each members credential (i.e. username and password) the project's account password must not be known. If needed the project account's password is handed over to the project owner. The password must not be shared. A different access setup is also possible. Details must be arranged individually. == itet-stor == Using [[https://computing.ee.ethz.ch/Workstations/FindYourData|itet-stor]] is the easiest way to find the project's data. For each project one is a member of, a ''link'' is available in the personal link list. Keep in mind a project account never has a link list, therefore neither {{{ \\itet-stor\<projectname> |
== Space usage and quota == The data usage and quota of a project can be checked by any project member on the website https://quotaview.ee.ethz.ch/ or on the Linux command line of an ISG.EE managed client with the following command: {{{ quotack --project=<projectname> |
| Line 48: | Line 41: |
| nor {{{ /itet-stor/<projectname> }}} does exit. == Usage and Quota == The the data usage and quota of a project can be checked by any project member by {{{ quotack --project=<projectname> }}} Remark: The command does work for already migrated projects only == Project Request == To order a new project account just send an email (Subject: New project account <projectname>) to support@ee.ethz.ch containing these specifications: |
== Ordering a project account == To order a new project account, send an email (Subject: New project account <projectname>) to support@ee.ethz.ch containing these specifications: |
| Line 76: | Line 51: |
| Registered laboratory IT deputies may also use the website https://support.ee.ethz.ch/ to make account orders. This website is only accessible from within the ETH network or when using VPN. | |
| Line 77: | Line 53: |
| == Naming Convention == In general the name of the project can be chosen freely within some rules |
== Project account naming convention == In general, the name of the project can be chosen freely within some restrictions |
| Line 80: | Line 56: |
| * only lower case * no hyphen '-' underline '_' only |
* only lower case characters * no hyphens ('-'); however underlines ('_') are allowed |
| Line 83: | Line 59: |
| The best practice is to choose a name that reflects the project's subject. If that does not work for you, a project name like <staffmember>_data is also possible. Attention: The projects name cannot be changed afterwards. |
The best practice is to choose a name that reflects the project's name or topic. If that doesn't work for you, a project name like <staffmember>_data is also possible. NOTE: The project account name cannot be changed once the account has been created. |
| Line 88: | Line 62: |
| The project owner can ask for addition of new members or removal of existing members by sending a request to support@ee.ethz.ch | The project owner can ask for addition of new members or removal of existing members by sending a request to support@ee.ethz.ch. |
| Line 90: | Line 64: |
| * Subject: Adding/Remove user to/from project <projectname> | * Subject: Add/ remove user to/ from project <projectname> |
| Line 93: | Line 67: |
| If a user does not have a valid D-ITET/TARDIS account, a guest account can be requested by the technical contact (IT coordinator) of the lab/institute. |
If a user doesn't have a valid D-ITET/ TARDIS account, a guest account can be requested by the technical contact (IT coordinator) of the laboratory/ institute. |
| Line 97: | Line 70: |
| The project account management and storage space allocated by a project is charged by an annual fee (contract between ISG.EE and institute). |
A fee for the effectively used project storage space and for project account management work is charged annually (contract between ISG.EE and institute). |
Contents
Data Sharing
To share data among multiple users within a laboratory or a research group (both ETH-/ ITET-internal only) a project account should be ordered from ISG.EE (support@ee.ethz.ch).
A project account is associated with a secure storage space (including backup) and a virtual group of project members who are granted to access the project data. The files stored under the project account are accessible by all project members by default. Access rights are handled through project group membership and the individual file/ directory permissions. Technically, all files in the project account belong to the same UNIX group (project group). The default the access permissions of new files or directories ("umask") are set in a way that allows all (and only) project group members read and write access to these files. Consequently, a user who is not a member of the project group corresponding to that project account, will not be able to access the project's files.
Organizational/ technical overview
Facts about project accounts:
- an independent UNIX account in the D-ITET/ TARDIS environment
- main attributes:
- expiry date
- quota
- person in charge
project account specific project group (itet-isg-<projectname>)
- data access via project group membership
A D-ITET/ TARDIS user account is required to work with project accounts
Project owner
Each project is owned by a personal D-ITET/ TARDIS account. The owner, as person in charge, is our contact person.
Project group
Each project account has its own project group, i.e. itet-isg-<projectname>. A user who wants to access the project's data must have set his/ her user account as a member in the project group. The project's owner determines who is permitted to become a project member of that group. Only valid D-ITET/ TARDIS accounts can become a member of a project account. To share data with people from other ETH organizations, a D-ITET guest account must be ordered first by the technical contact (IT coordinator) of the D-ITET institute involved.
Data access
By default, the project data can be accessed in read/ write manner by all project group members via NFS and Samba (in parallel). Since access to data in the project account is permitted via project group membership of regular user accounts, the password of the project account itself is not required to be known to the project members. If needed for maintenance purposes, the project account's password can be handed over to the project owner. That password must not be shared with the project members or anybody else.
Project share overview: itet-stor
The itet-stor share provides an overview of all project accounts you are allowed to access and also is a comfortable entrance point to the (often various) project directories. The itet-stor share's information is built on a regular user account basis, i.e. it shows all project (and some other) storage resources a regular user is allowed to access. Thus, you must access the itet-stor share with your username in the path, e.g. \\itet-stor\zdavis, but not with the name of a project account (the latter won't work, e.g. \\itet-stor\<projectname> does not exist).
Space usage and quota
The data usage and quota of a project can be checked by any project member on the website https://quotaview.ee.ethz.ch/ or on the Linux command line of an ISG.EE managed client with the following command:
quotack --project=<projectname>
Ordering a project account
To order a new project account, send an email (Subject: New project account <projectname>) to support@ee.ethz.ch containing these specifications:
- institute
- project name
- contact name and email (in general the requester)
- expiry date (default 1 to 2 years)
- description
- quota
Registered laboratory IT deputies may also use the website https://support.ee.ethz.ch/ to make account orders. This website is only accessible from within the ETH network or when using VPN.
Project account naming convention
In general, the name of the project can be chosen freely within some restrictions
- maximum length 12 characters
- only lower case characters
- no hyphens ('-'); however underlines ('_') are allowed
The best practice is to choose a name that reflects the project's name or topic. If that doesn't work for you, a project name like <staffmember>_data is also possible. NOTE: The project account name cannot be changed once the account has been created.
Membership request
The project owner can ask for addition of new members or removal of existing members by sending a request to support@ee.ethz.ch.
Subject: Add/ remove user to/ from project <projectname>
- Content: list of users
If a user doesn't have a valid D-ITET/ TARDIS account, a guest account can be requested by the technical contact (IT coordinator) of the laboratory/ institute.
Costs
A fee for the effectively used project storage space and for project account management work is charged annually (contract between ISG.EE and institute).