[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] Handles that create new handles



Ok, thanks to your questions I found the error..


I was running the server as well as the admintool in the same machine yes, BUT the server as root, because if not I get many "denied permissions" messages and basically I cannot run the server..


What I have done, in case someone else has the same problem, is:

  1) Change the owner of the svr_1 folder from root to your user (sudo chown -R <user> svr_1)

  2) Give write permissions to svr_1/txns and svr_1/logs (chmod -R 777 <folder>  - I did 777 just in case..)
  3) Change the owner of the /tmp folder (for the deployment of the jetty server) from root to your user (same command as above - 1) ). I already give 777 permissions to /tmp folder (just in case), but changing the owner should be enough..


Now It's work perfectly.


Thank you very much!




De: Robert R Tupelo-Schneck <schneck@cnri.reston.va.us>
Enviado: miércoles, 26 de julio de 2017 5:50:18
Para: Ruiz-Zafra, Angel
Cc: handle-info@cnri.reston.va.us
Asunto: Re: [Handle-info] Handles that create new handles
 
Are you running the hdl-admintool on the same machine as the handle server, or a different machine?  Same user account, or different user account?  What is in the .handle directory under the user's home directory on the machine where you run the hdl-admintool?  How does that compare to the contents of the .handle directory where you ran the hdl-admintool to test your "local computer"?  Also, what's in the .handle directory under the home directory of the user that runs the handle server?

Robert

On Jul 25, 2017, at 9:26 AM, Ruiz-Zafra, Angel <a.ruiz-zafra@ucl.ac.uk> wrote:

Hello Robert.

Yes, you are right. I duplicate the setup from my local computer  into a local server (I already tried to re-setup a new one from scratch into the local server) but in the local server is NOT possible to create new handles authenticated as 55555/user1. In my local computer it is possible..

About your questions:
- To test that 55555/user1 is able to create new handles I just use hdl-admintool in the server. I'm able to authenticated, modified values, delete/create handles if I'm authenticated as admin (55555/ADMIN). The hdl-admintool works perfectly.
- To create the full Handle structure (55555/creators, 55555/user1, etc), I'm using my own software that is supported by Handle Java library. Basically create the different Handles, update the HS_VLIST, add new indices with new values, etc..
- Debian 8 is running in my local computer and CentOS 7 is running in my local server
- The error is 400, invalid admin. Of course, using "anonymous_admin_full_access" = "yes"  I can create new handles being authenticated as 55555/user1, but this is not what I want, I just tested it to be sure there is not any problem related with the installation, and is reading the config file well..

I get your point about the config file (prefix:index), I'll fix it ,altough is not (suppsedly) the problem..

I didn't say in my previous email but I'm using MySQL instead Berkeley, but I guess it is not related with the problem, because the hdl-admintool as well hdl-dbtool work perfectly..

Best regards.

De: Robert R Tupelo-Schneck <schneck@cnri.reston.va.us>
Enviado: martes, 25 de julio de 2017 15:13:39
Para: Ruiz-Zafra, Angel
Cc: handle-info@cnri.reston.va.us
Asunto: Re: [Handle-info] Handles that create new handles
 
Let me make sure I understand.  You had a handle server set up on one machine, your "local computer", and it was working as desired.  You then tried to duplicate the setup on a second machine, your "local server", but this time you aren't able to create new handles authenticated as 55555/user1.  Is that correct?

Which client are you using to try to create the handles?  What machine are you running that client on?  What error message does it give?

One comment about your config.dct, although this isn't causing your problem, as the same config.dct was working on the first machine.  The syntax for a handle administrator is INDEX:HANDLE where HANDLE is PREFIX/SUFFIX.  So 200:0.NA/55555 or 200:55555/ADMIN would make sense.  0.NA:55555/ADMIN does not.  55555/ADMIN without an index is also fine; this means any index of any key in that handle record.  Also, you might consider using "server_admin_full_access" = "yes" if you want server admins to be able to edit any handle record on the server.

Robert

On Jul 25, 2017, at 8:35 AM, Ruiz-Zafra, Angel <a.ruiz-zafra@ucl.ac.uk> wrote:

Hi again Robert, and sorry to bump this thread..

The solution you gave me in this thread it working perfectly. 

So far, I have been using my own computer to deploy local Handle server. For research purposes, I'm moving the Handle server installation from my computer to a local server (it's just for research/test purposes) and everything works fine (deployment, login, admintools, etc), EXCEPT the possibility to create new handles by other handles identified as HS_ADMIN in the 0.NA/55555 handle (55555 is my test-prefix), basically that you explained in this thread.

I have an automatic process to construct the Handle structure (0.NA/55555, 55555/creators, etc) and, after the full Handle structure is created, in my local computer I'm able to create new handles with the handles that are in 200:55555/creators (e.g. 300:55555/user1). But, doing the same process (with the same software) in my local server, I do not why, it is not possible to create new handles with the handles that are in 200:55555/creators. In this case, in my local computer, being identified as 55555/user1 I can create new handles, but in my local server I cannot.

The rest of Handle services works fine (manage handles with server admin, login through REST api, etc)..the only issue is about the 0.NA/55555 HS_ADMIN records..

I have checked the config.dct files (are equals, except the ip address), I have created in the .handle dir of my local server the local_nas file (to avoid GHR), etc. In addition, I tried a new Handle installation from scratch (instead copy hsj and svr_1 folders) but it is exactly the same...

I guess I'm missing some configuration parameter in some file...but I have no idea what is missing.

Any idea?.

Thanks in advance and best regards.

P.S. Below are the configuration text from config.dtc file:
--> Inside server_config block:

 "server_admin_full_access" = "no"
    "allow_na_admins" = "yes"
    "anonymous_admin_full_access" = "no"

 "server_admins" = (
      "0.NA:55555/ADMIN"
      "55555/ADMIN"
    )

    "replication_admins" = (
      "0.NA:55555/ADMIN"
    )

"auto_homed_prefixes" = (
      "0.NA/55555"
    )
--> Inside the local_nas file (.handle/local_nas) there is just a * 
--> In the DB, in the nas table: 0.NA and 0.NA/55555
--> In the DB, in the handles table: 0.NA/55555 , 55555/ADMIN, 55555/creators, etc etc













De: Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
Enviado: jueves, 15 de junio de 2017 19:35:18
Para: Ruiz-Zafra, Angel
Cc: handle-info@cnri.reston.va.us
Asunto: Re: [Handle-info] Handles that create new handles
 
Authorization is controlled by HS_ADMIN values.  If you want users to be able to create handles starting with 55555/, then that can be controlled by an HS_ADMIN value on 0.NA/55555, specifying which users have "create handle" permissions.  Now, you presumably need to have CNRI (or other prefix administrator) change the prefix handle 0.NA/55555; but it could be set up so that the HS_ADMIN on 0.NA/55555 specifies that 200:55555/creators has "create handle" permission.  Then you can add users to an HS_VLIST at index 200 in 55555/creators.

Robert

On 2017-06-15, at 10:08, Ruiz-Zafra, Angel <a.ruiz-zafra@ucl.ac.uk> wrote:

Hi there!

I'm developing a web-plataform where authorised users (handles) must create different new elements that basically are new handles, and these new handles should be able to create/update handles. 

Basically what I'm trying to do is, for instance: I have a handle (55555/admin) that should be authorised by a secret key (HS_SECKEY). When its authorised (login+password), using the REST API I want to create new handles that represent new users for example (55555/user1, 55555/user2) with their own HS_VLIST, HS_SECKEY, etc. 

These new handles (55555/user1, 55555/user2) will be users that will be able to create a new handles (55555/element1, 55555/element2) or update information in some handles where they are authorised (checking the HS_VLIST). That is, I need Handles that can create new Handles (using REST API) without being in the config file as server admins.

I have been "playing" with the config file, changing the parameters/values, and with the admin tool, but I didn't find the way to do it...

Any idea?

Thanks and best regards!

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info