To share data within an institute or a research group (both ETH/ITET internal only) in a safe manner, a so-called project account is the easiest way.
A project account is associated with storage space (including backup) and a list of project members who can access this data. By default, all files at this location allow read+write access to all project members. Access rights are handled through UNIX permissions: the storage location and its subfolders belong to the dedicated project UNIX account and to its dedicated group, of which all project members are members. By default, the umask of all members is set so that all new files are accessible to group members and closed to others.
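The following shell functions are an added example, not part of the original page or ISG tooling: they audit a project folder against the access model described above (group read+write, others closed, correct group). The umask value 007 and the sample tree are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a project folder against the access model described
# above (group members read+write, others closed). Paths are constructed.

# Entries with any permission bit set for "others" (should be none).
open_to_others() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Entries the project group cannot both read and write (should be none).
closed_to_group() {
    find "$1" ! -type l ! -perm -060 -print
}

# Entries whose group is not $2, e.g. itet-isg-<projectname> (should be none).
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Build a constructed sample tree and print its path. umask 007 is an
# assumed value that yields "group yes, others no"; 022 and 077 are common
# personal defaults that break the sharing model in opposite directions.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    ( umask 007; mkdir "$d/proj"; echo data > "$d/proj/good.txt" )
    ( umask 022; echo data > "$d/proj/leaky.txt" )    # 644: others read, group cannot write
    ( umask 077; echo data > "$d/proj/private.txt" )  # 600: group locked out
    printf '%s\n' "$d/proj"
}

# Print a report of deviations; exit status 1 if anything deviates.
audit_project() {
    rc=0
    for check in open_to_others closed_to_group; do
        out=$("$check" "$1")
        [ -z "$out" ] || { printf '%s:\n%s\n' "$check" "$out"; rc=1; }
    done
    out=$(wrong_group "$1" "$2")
    [ -z "$out" ] || { printf 'wrong_group:\n%s\n' "$out"; rc=1; }
    return $rc
}

# Usage (path is site-specific): audit_project /path/to/project itet-isg-<projectname>
```

Files flagged by `closed_to_group` or `open_to_others` usually come from a copy or archive extraction that preserved the source permissions rather than applying the member's umask.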
Some facts about project accounts:
- an independent UNIX account in the D-ITET/TARDIS environment
- main attributes:
  - expiry date
  - person in charge
  - distinct group (itet-isg-<projectname>)
- data access via group membership
- D-ITET/TARDIS account needed for membership
Each project is owned by a personal D-ITET/TARDIS account. The owner, as person in charge, is our contact person.
Each project account has its own group, i.e. itet-isg-<projectname>. To access the project's data, group membership is necessary. The project's owner determines who is permitted to become a project member. Only valid D-ITET/TARDIS accounts can become members of a project account. To share data with people from other ETH organizations, a D-ITET guest account must first be ordered by the technical contact (IT coordinator) of the D-ITET institute involved.
As a standard setup, the project data can be accessed read/write by all project members via NFS and Samba (in parallel). Since access is granted via each member's own credentials (i.e. username and password), the project account's password does not need to be known. If needed, the project account's password is handed over to the project owner. The password must not be shared.
A different access setup is also possible. Details must be arranged individually.
Using itet-stor is the easiest way to find the project's data. For each project one is a member of, a link is available in the personal link list.
Keep in mind a project account never has a link list, therefore neither
Usage and Quota
The data usage and quota of a project can be checked by any project member by
Remark: The command works only for already migrated projects.
To order a new project account just send an email (Subject: New project account <projectname>) to firstname.lastname@example.org containing these specifications:
- project name
- contact name and email (in general the requester)
- expiry date (default 1 to 2 years)
In general, the name of the project can be chosen freely within some rules:
- maximum length 12 characters
- only lower case
- no hyphen '-'; underscore '_' only
The best practice is to choose a name that reflects the project's subject. If that does not work for you, a project name like <staffmember>_data is also possible. Attention: The project's name cannot be changed afterwards.
The project owner can ask for addition of new members or removal of existing members by sending a request to email@example.com:
- Subject: Adding/Remove user to/from project <projectname>
- Content: list of users
If a user does not have a valid D-ITET/TARDIS account, a guest account can be requested by the technical contact (IT coordinator) of the lab/institute.
Project account management and the storage space allocated by a project are charged as an annual fee (contract between ISG.EE and the institute).