I have two questions, one for Doug and one for Andy:
Q for Doug: when you start xrootdfs, does the LD_LIBRARY_PATH include lib path to xrootd libs? Since you configured xrootd cluster to use security module. xrootdfs, as a client also need /opt/osg-v1.2.13/xrootd/lib in LD_LIBRARY_PATH
Q for Andy: with auth file like this:
u * /atlas lr
u xrootd /atlas a
which rule will be used for user xrootd?
regards,
Wei Yang | [log in to unmask] | 650-926-3338(O)
On Oct 1, 2010, at 1:05 PM, [log in to unmask] via RT wrote:
>
> Queue/Owner: xrootd-bugs [new] Nobody
> Requestors: <[log in to unmask]>
> Ticket: https://www-rt.slac.stanford.edu/rt3/Ticket/Display.html?id=253795
>
> Transaction: Ticket created by [log in to unmask]
>
> Hello ,
>
> I would like to report some strange behavior. (It might be
> a misconfiguration on my part). I am not able to delete
> files using xrootfs
>
> Here is the error.
>
> [xrootd@atl003 osg-v1.2.13]$ rm
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
> rm: cannot remove
> `/xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root':
> Permission denied
> [xrootd@atl003 osg-v1.2.13]$ ls -l
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
> -rw-rw-rw- 1 xrootd xrootd 1230413299 Sep 28 17:27
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
>
> I apologize for the very long paths.
>
> The user running the xrootd is xrootd.
>
> xrootdfs is running on the redirector node -
>
> Here are the xrootdfs environmental variables -
> export XROOTDFS_RDRURL=root://atl003.phy.duke.edu:1094//atlas
> export XROOTDFS_FASTLS="RDR"
> export XROOTDFS_USER=xrootd
> MOUNT_POINT=/xrootdfs
> $dir/xrootdfsd $MOUNT_POINT -o allow_other,fsname=xrootdfs,max_write=131072
>
> Here is the xrootd config file from the redirector node and the data nodes:
> -----------------------------------------------------
> set thishostname=$HOSTNAME
> set xrootdlocation = /opt/osg-v1.2.13/xrootd
> set xrdr = atl003.phy.duke.edu
> all.export /atlas
> all.adminpath ${xrootdlocation}/var/admin
> all.manager $(xrdr):1213
> cms.allow host *.phy.duke.edu
>
> xrootd.fslib ${xrootdlocation}/lib/libXrdOfs.so
>
> if $(xrdr) && named cns
> all.export /atlas/inventory
> xrd.port 1095
> else if $(xrdr)
> xrd.port 1094
> all.role manager
> else
> xrd.port 1093
> all.role server
> xrootd.chksum max 3 adler32 ${xrootdlocation}/bin/xrdadler32
> #set osscachepath = /atlas
> #oss.cache public $(osscachepath)/* xa
> oss.usage log ${xrootdlocation}/var/admin
> # ENABLE_SECURITY_WITHOUT_CNSD_BEGIN
> xrootd.seclib /opt/osg-v1.2.13/xrootd/lib/libXrdSec.so
> # this specify that we use the 'unix' authentication module, additional one can be specified.
> sec.protocol /opt/osg-v1.2.13/xrootd/lib unix
> # this is the authorization file
> acc.authdb /opt/osg-v1.2.13/xrootd/etc/auth_file
> ofs.authorize
> sec.protbind *.phy.duke.edu unix
> # ENABLE_SECURITY_WITHOUT_CNSD_END
> ofs.notify closew create mkdir mv rm rmdir trunc | $(xrootdlocation)/bin/XrdCnsd -d -D 2 -i 90 -b atl003.phy.duke.edu:1095:/atlas/inventory
> # ofs.notify closew create mkdir mv rm rmdir trunc | $(xrootdlocation)/bin/XrdCnsd -d -D 2 -i 90 -b /atlas/inventory
> fi
> ---------------------------------------------------------
> Here is the auth file -
> ---------------------------------------------------------
> # This means that all the users have read access to the datasets
> u * /atlas lr
>
> # This means that all the users have full access to their private dirs
> u = /atlas/local/@=/ a
>
> # This means that this privileged user can do everything
> # You need at least one user like that, in order to create the
> # private dir for each user willing to store his data in the facility
> u xrootd /atlas a
> --------------------------------------------------------
>
> Regards,
>
> Doug Benjamin
>
>
>
|