The POSIX Connector provides access to data files accessible by the POSIX file API on the data transfer nodes of a collection.
The POSIX Connector filesystem reflects the file system hierarchy on the data transfer nodes that the collection is visible on. If there are multiple data transfer nodes, they must use a shared file system to provide a coherent view of the file system.
When accessing data on a POSIX collection, if the storage gateway’s restrict_paths or a mapped collection’s sharing_restrict_paths property are set to disallow all access to a file or directory, those directory entries will not be visible in the collection.
Also, the collection_base_path value is set on collection creation and acts as the root of the collection’s virtual filesystem, similar to a POSIX chroot.
The POSIX Connector has policies to configure POSIX group-level access controls, that complement the user based access controls in the base storage gateway document. See the storage gateway create reference manual for information about how these policies interact with the storage gateway policies.
The groups_allow property is used restrict access to users who are not explicitly allowed or denied by the storage gateway user policy to be allowed access if their account is a member of one of the named POSIX groups.
POSIX user credentials are derived from the values in the data transfer node’s password database. Neither the GCS Manager nor the GridFTP server directly see the user’s password, but will use the mapping of the storage gateway to map a user’s Globus Auth identity to a POSIX username.
The only property which may be changed on a POSIX user credential is the
invalid property. This may be set to
True to temporarily disable
the use of this credential and on the collections associated with the
same storage gateway as the credential.