It is a bit surprise. Here is what I have:
xrootd.seclib /usr/lib64/libXrdSec.so
sec.protocol /usr/lib64 unix
acc.authdb $(scriptspath)/auth_file
acc.authrefresh 300
ofs.authorize
and with your AuthFile
u * /xrootd lr
u root /xrootd a
Everyone (every remote user) should be able to read from /xrootd and only (remote) root can read-write. BTW, Xrootd use access control list. The above AuthFile reflect ACL rules.
The CNSd (composed name space, along with ofs.forward) is essentially a DB of what files are in an xrootd storage cluster. The format of the ³DB² is a directory tree with all the files. Of course, all those files there are empty holes. CNSd is kept there for rare, special use cases. The only use case I know is described here: http://wt2.slac.stanford.edu/xrootdfs/xrootdfs.html
regards,
--
Wei Yang | [log in to unmask] | 650-926-3338(O)
-----Original Message-----
From: <[log in to unmask]> on behalf of Heiko Schröter <[log in to unmask]>
Date: Friday, April 6, 2018 at 1:11 AM
To: xrootd-l <[log in to unmask]>
Subject: Re: read write permissions
>Hello,
>
>>> --> sec.protocol /usr/lib/xrootd unix
>> This is wrong. It should be something like:
>>
>> xrootd.seclib /usr/lib64/libXrdSec.so
>> sec.protocol /usr/lib64 unix
>Tried it, but it does not change a thing. Any user has r/w access to the
>file system.
>So i it would be nice when there would be a pointer to some docs or such
>how i can achieve the r/w permissions.
>I don't get it how xrootd decides between access to the "storage pool",
>or access permissions for a file/directory.
>
>>
>> Also, I am curious, we used the following lines a long time ago but stopped using since. Are you sure you need them?
>>> ofs.notify closew create mkdir mv rm rmdir trunc |
>>> /usr/bin/XrdCnsd -d -D 2 -i 90 -b $(xrdr):1095:$(inventory)
>>> ofs.notifymsg create $TID create $FMODE $LFN?$CGI
>>> ofs.notifymsg closew $TID closew $LFN $FSIZE
>I got this from a tutorial for setting up an Inventory. The inventory
>works. But i have to admit that i don't fully understand all the bits
>and pieces in the docs.
>
>Heiko
>
>########################################################################
>Use REPLY-ALL to reply to list
>
>To unsubscribe from the XROOTD-L list, click the following link:
>https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
|