So, the answer to the first question is that if two rules can apply to the
same person then the most restrictive rule is used.
From: Patrick McGuigan
Sent: Thursday, May 19, 2011 3:37 PM
Subject: Re: auth_file precedence
I discovered the answer to the second question myself, as the xrootd daemon
will not start
if there are multiple identifiers in the authentication DB file.
On 05/18/2011 06:21 PM, Patrick McGuigan wrote:
> I am playing around with some privileges in an authdb file when using the
> unix security
> protocol and I have some questions as to precedence of entries in the
> In the example of fungible paths, an example is given with:
> u * /xrd lr
> u = /xrd/users/@=/ a
> but in the header of the section there is a line that mentions:
> "The privileges associated with first prefix that matches an incoming path
> name are
> considered to be the applicable privileges."
> Assuming that user bob want to write a file at /xrd/user/bob/somefile, why
> is it that the
> second rule is used, rather than the first, since /xrd is a prefix that
> Additionally, can the same identifier be used multiple times?
> u bob /some/path lr
> u bob /some/path/additional a
> or cant this only be done as:
> u bob /some/path/additional a /some/path lr