iCommands - Tickets

iticket

Usage: iticket [-h] [command]
 -h This help
Commands are:
 create read/write Object-Name [string] (create a new ticket)
 mod Ticket_string-or-id uses/expire string-or-none  (modify restrictions)
 mod Ticket_string-or-id write-bytes-or-file number-or-0 (modify restrictions)
 mod Ticket_string-or-id add/remove host/user/group string (modify restrictions)
 ls [Ticket_string-or-id] (non-admins will see just your own)
 ls-all (list all your tickets, even with missing targets)
 delete ticket_string-or-id
 quit

Tickets are another way to provide access to iRODS data-objects (files) or collections (directories or folders). The 'iticket' command allows you to create, modify, list, and delete tickets. When you create a ticket its 16 character string is given to you which you can share with others. This is less secure than normal iRODS login-based access control, but is useful in some situations. See the 'ticket-based access' page on irods.org for more information.

A blank execute line invokes the interactive mode, where iticket prompts and executes commands until 'quit' or 'q' is entered. Like other unix utilities, a series of commands can be piped into it: 'cat file1 | iticket' (maintaining one connection for all commands).

Use 'help command' for more help on a specific command.

create

 create read/write Object-Name [string] (create a new ticket)
Create a new ticket for Object-Name, which is either a data-object (file)
or a collection (directory). 
Example: create read myFile
The ticket string, which can be used for access, will be displayed.
If 'string' is provided on the command line, it is the ticket-string to use
as the ticket instead of a randomly generated string of characters.

mod

   mod Ticket-id uses/expire string-or-none
or mod Ticket-id add/remove host/user/group string (modify restrictions)
Modify a ticket to use one of the specialized options.  By default a
ticket can be used by anyone (and 'anonymous'), from any host, and any
number of times, and for all time (until deleted).  You can modify it to
add (or remove) these types of restrictions.

'mod Ticket-id uses integer-or-0' will make the ticket only valid the specified number of times. Use 0 to remove this restriction.

'mod Ticket-id write-file integer-or-0' will make the write-ticket only valid for writing the specified number of times. Use 0 to remove this restriction.

'mod Ticket-id write-byte integer-or-0' will make the write-ticket only valid for writing the specified number of bytes. Use 0 to remove this restriction.

'mod Ticket-id add/remove user Username' will make the ticket only valid when used by that particular iRODS user. You can use multiple mod commands to add more users to the allowed list.

'mod Ticket-id add/remove group Groupname' will make the ticket only valid when used by iRODS users in that particular iRODS group. You can use multiple mod commands to add more groups to the allowed list.

'mod Ticket-id add/remove host Host/IP' will make the ticket only valid when used from that particular host computer. Host (full DNS name) will be converted to the IP address for use in the internal checks or you can enter the IP address itself. 'iticket ls' will display the IP addresses. You can use multiple mod commands to add more hosts to the list.

'mod Ticket-id expire date.time-or-0' will make the ticket only valid before the specified date-time. You can cancel this expiration by using '0'. The time is year-mo-da.hr:min:sec, for example: 2012-05-07.23:00:00

The Ticket-id is either the ticket object number or the ticket-string

ls

 ls [Ticket_string-or-id]
List the tickets owned by you or, for admin users, all tickets.
Include a ticket-string or the ticket-id (object number) to list only one
(in this case, a numeric string is assumed to be an id).

ls-all

 ls-all
Similar to 'ls' (with no ticket string-or-id) but will list all of your
tickets even if the target collection or data-object no longer exists.

delete

 delete Ticket-string
Remove a ticket from the system.  Access will no longer be allowed
via the ticket-string.

quit

 Exits the interactive mode