To share data among multiple users within a laboratory or a research group (both ETH-/ ITET-internal only) a project account should be ordered from ISG.EE (see section "Ordering a project account").
A project account is associated with a secure storage space (including backup) and a virtual group of project members who are granted to access the project data. The files stored under the project account are accessible by all project members by default. Access rights are handled through project group membership and the individual file/ directory permissions. Technically, all files in the project account belong to the same UNIX group (project group). The access permissions ("umask") for new files or directories are set in a way that allows all project group members read and write access to the project's files. Consequently, a user who is not a member of the project group corresponding to that project account, will not be able to access the project's files.
Organizational/ technical overview
Facts about project accounts:
- Project accounts are independent UNIX accounts in the D-ITET/ TARDIS environment
- Their main attributes:
- expiry date
- person in charge
Each project account has a specific project group (itet-isg-<projectname>)
- Project data access is granted to users via project group membership
A D-ITET/ TARDIS user account is required to work with project accounts
Each project is owned by a personal D-ITET/ TARDIS account. The owner, as person in charge, is our contact person.
Each project account has its own project group, i.e. itet-isg-<projectname>. A user who wants to access the project's data must have added his/ her user account as a member in the project group. The project's owner determines who is permitted to become a project member of that group. Only valid D-ITET/ TARDIS accounts can become a member of a project account. To share data with external people from other organizations, a D-ITET guest account must be ordered first by the technical contact (IT coordinator) of the D-ITET institute involved.
By default, the project data can be accessed in read/ write manner by all project group members via NFS and Samba (in parallel). Since access to data in the project account is permitted via project group membership of regular user accounts, the password of the project account itself is not required to be known to the project members. If needed for maintenance purposes, the project account's password can be handed over to the project owner. That password must not be shared with the project members or anybody else.
Project share overview: itet-stor
The itet-stor share provides an overview of all project accounts you are allowed to access and also is a comfortable entrance point to the (often various) project directories. The itet-stor share's information is built on a regular user account basis, i.e. it shows all project (and some other) storage resources a regular user is allowed to access. Thus, you must access the itet-stor share with your username in the path, e.g. \\itet-stor\zdavis, but not with the name of a project account (the latter won't work, e.g. \\itet-stor\<projectname> does not exist).
Space usage and quota
The data usage and quota of a project can be checked by any project member on the website https://quotaview.ee.ethz.ch/ or on the Linux command line of an ISG.EE managed client with the following command:
Ordering a project account
To order a new project account, send an email (Subject: New project account <projectname>) to firstname.lastname@example.org containing the following information:
- Institute name
- Project name
- Contact name and email (in general the requestor)
- Expiry date (default 1 to 2 years)
- Short description
Registered laboratory IT deputies may also use the website https://support.ee.ethz.ch/ to make account orders. This website is only accessible from within the ETH network or when using VPN.
Project account naming convention
In general, the name of the project account can be chosen freely with some restrictions:
- Maximum length 12 characters
- Only lower case characters are allowed
- No hyphens ('-'); however underlines ('_') are allowed
The best practice is to choose a name that reflects the project's name or topic. If that doesn't suit you, a project name like <staffmember>_data might also be requested. NOTE: The project account name cannot be changed once the account has been created.
The project owner can ask for addition of new members or removal of existing members by sending a request to email@example.com.
Subject: Add/ remove user to/ from project <projectname>
- Content: list of users (to be added as project group members/ to be removed from the project group membership)
If a user doesn't have a valid D-ITET/ TARDIS account, a guest account can be requested by the technical contact (IT coordinator) of the laboratory/ institute.
A fee for the effectively used project storage space and for project account management work is charged annually (contract between ISG.EE and institute).