NetDRMS User Setup

In order to use NetDRMS, you must have permission to access the DRMS database and the SUMS data storage and logging area. The following instructions are intended for the database and/or system administrator to set you up as an authenticated user. They assume that there is a running NetDRMS server for your site, and that there are publicly accessible NetDRMS utility executables and libraries against which you can link for development of code based on the DRMS API. If you wish to install your private version of the NetDRMS distribution, please refer to the Installation/Upgrade instructions.

The user setup described here only needs to be performed once per user, even if you build and upgrade your own distribution. The build does not depend on it, but you will need it to be able to execute code modules that access the DRMS.

  1. Add a new user identified by name to the Postgres database. Run psql as the postgres administrator, connecting to the database db on the server host dbserver:
    % psql -h dbserver -d dbname -U postgres_admin
    postgres=> create user name;
    postgres=> alter user name with password 'init_pass';
    postgres=> \q
    
  2. Assign a default namespace to the user, to be used for any personally created data series. Typically the namespace will be of the form siteID_userID, where siteID is selected from a universally agreed upon namespace and userID is the user's name, login name, initials, or whatever. See http://jsoc.stanford.edu/jsocwiki/DrmsSeriesNames for some names already in use. Run the following (this assumes that the NetDRMS software has been built, masterlists is an executable in the bin path):
    % masterlists dbuser=name namespace=ns nsgrp=user
    
    You will be prompted for the postgres administrator password. The nsgrp=user argument specifies that this namespace will be a private one, in which series can be created, modified, and deleted by the named user only. In order to set up a shared namespace, you need to create a separate Postgres role, run the masterlists command with that role given for the dbuser, and with the argument nsgrp=sys. An example is provided in the setup instructions for the "public" namespace drms available to users sharing the role drmsuser. Step 7 below shows how to give a user write access to such a shared namespace, by making them a member of the role associated with that namespace by the masterlists command.
  3. Setup the default session namespace. Run psql as above::
    % psql -h dbserver -d dbname -U postgres_admin
    postgres=> insert into admin.sessionns values ( 'name' , 'ns' );
    postgres=> \q
    
  4. If you are running in a multi-user environment, make sure that the user is in the unix group that shares the SUMS root directory.
  5. If the user wishes to change their Postgres password from the one assigned by the Postgres administrator, before setting up the required .pgpass file as described in the next step, do the following:
    % psql -h dbserver -d dbname -U user
    postgres=> alter user name with password 'new_pass';
    postgres=> \q
    
    The user will be prompted by the psql process for their original password.
  6. The user needs to create a file named .pgpass in their home directory. This file must have permission mask 600 (or 400) and contain the name of the database server(s) (preferably in both short and domain-name form), the user's postgres identification, and password: This is the Postgres password, not the login password and it is obviously very important to make them different, since the Postgres password in this file is unencrypted!
    % cat > ~/.pgpass
    dbserver:*:*:user:password
    dbserver.site.dom:*:*:user:password
    ^D
    % chmod 600 ~/.pgpass
    
  7. To give the user permission to create/delete/modify series in another namespace besides their default session namespace, e.g. the drms namespace, run:
    % psql -h dbserver -d dbname -U postgres_admin
    postgres=> grant drmsrole to user;
    postgres=> \q
    
    where drmsrole is the name of the owner of the target namespace
  8. In order for certain services to work properly, it is necessary that the user's path include at least the DRMS scripts. It is a good idea to have the path include the DRMS executables as well. The user should set their path accordingly to include $DRMS/scripts and $DRMS/bin/$JPLAT, where DRMS and JPLAT are suitably defined.

Valid HTML 4.01 Strict 23 Oct 2009, 16:43-0700