LISTSERV 16.5 - XROOTD-L Archives

  Hi Fons,

On Thu, Aug 19, 2004 at 01:27:52PM +0200, Fons Rademakers wrote:
>  so when starting xrootd you specify the file space to be exported and
> then you can only open files via full pathnames into that file space.
> Correct?

   That is correct.

   There is an example of a few of the basic configuration options here:

   http://xrootd.slac.stanford.edu/examples/oneserver/index.html

                                   Pete

> On Wed, 2004-08-18 at 22:52, [log in to unmask] wrote:
> > Hi Fons,
> > 
> > Yes, the security heads here are rather strict. No default should expose any
> > data is the general rule. So, the only thing left to export is /tmp. As Pete
> > pointed out, you can simply specify the path on the command line. If you
> > want to export your home directory, then saying "xrootd ~" is sufficent (the
> > shell expands the tilde). In general, no relative paths are allowed. Xrootd
> > even prohibits clients from using relative paths to access data.
> > Historically, that proved to be the easiest way of getting to data that you
> > weren't supposed to get to.
> > 
> > Andy
> > 
> > ----- Original Message ----- 
> > From: "Peter Elmer" <[log in to unmask]>
> > To: "Fons Rademakers" <[log in to unmask]>
> > Cc: <[log in to unmask]>; <[log in to unmask]>;
> > <[log in to unmask]>; "Alvise Dorigo" <[log in to unmask]>;
> > "Fulvio Galeazzi" <[log in to unmask]>; "Andrew Hanushevsky"
> > <[log in to unmask]>; "Jean-Yves Nief" <[log in to unmask]>; "Akram Khan"
> > <[log in to unmask]>; "Guglielmo De Nardo" <[log in to unmask]>;
> > "Gerardo Ganis" <[log in to unmask]>
> > Sent: Wednesday, August 18, 2004 5:39 AM
> > Subject: Re: xrootd meeting - Tuesday, 17 August, 2004
> > 
> > 
> > > On Wed, Aug 18, 2004 at 02:25:49PM +0200, Fons Rademakers wrote:
> > > > Yes, I get an error message from TXUrl. Gerri can you maybe check this
> > > > and fix it so that localhost works again in the rootd url?
> > > >
> > > > Other question, how do I start xrootd so that is assumes relative paths
> > > > to start in the users home directory? Now default is /tmp.
> > >
> > >   Which user? The one which started xrootd or the one accessing files?
> > >
> > >   xrootd behaves differently that rootd in this respect. It doesn't assume
> > > that paths start in /tmp by default, it only allows access to /tmp by
> > default.
> > > I've recently started to add some example configurations to describe some
> > > things:
> > >
> > >   http://xrootd.slac.stanford.edu/examples/
> > >
> > > but the short answer is that you can export other area (e.g. like /data)
> > with
> > > either a line in the config file:
> > >
> > > xrootd.export /data
> > >
> > > or by starting xrootd as:
> > >
> > > xrootd /data
> > >
> > > I don't think it takes a "*" (obviously very insecure).
> > >
> > >   There is a separate option "oss.localroot" which allows for a _global_
> > > server side prefix to all paths, i.e. a file at /mnt/temp/path/myfile.root
> > > with:
> > >
> > > oss.localroot /mnt/temp
> > >
> > > will be accessed as
> > >
> > >    root://host:port//path/myfile.root
> > >
> > >   I'm not actually surt how it will behave for relative paths:
> > >
> > >    root://host:port/myfile.root                    *
> > >
> > > or for
> > >
> > >    root://host:port/~elmer/myfile.root
> > >    root://host:port/~/myfile.root                  *
> > >
> > > This is what you are asking about, is that correct? Could you remind me
> > > exactly what is done by rootd in the two cases marked with an "*"? (i.e.
> > > relative path WRT what and "~" means which user?)
> > >
> > >                                    Pete
> > >
> > >
> > >
> > > > On Wed, 2004-08-18 at 11:24, Peter Elmer wrote:
> > > > >   Hi Fons,
> > > > >
> > > > > On Tue, Aug 17, 2004 at 12:48:43PM +0200, Fons Rademakers wrote:
> > > > > >   the rule in TFile::Open for opening via rootd currently is:
> > > > > >
> > > > > >     "If the url points to the localhost and the file will be opened
> > in
> > > > > >      readonly mode and the current user has read access or the
> > specified
> > > > > >      user is equal to the current user then open local TFile."
> > > > > >
> > > > > > This feature is specially important for PROOF where we access files
> > > > > > always via rootd urls (so any worker can access any file) but where
> > the
> > > > > > packetizer optimizes the work so that the workers mostly will get
> > local
> > > > > > files. Using the above feature these local files will be opened
> > directly
> > > > > > as TFile's and won't go through rootd. To force a local file to be
> > > > > > opened via rootd specify as host "localhost". If TXUrl this also
> > > > > > supports then we will have the same behavior. If this "localhost"
> > > > > > feature is supported by netx/xrootd then we can always use that as
> > > > > > "backdoor" to test xrootd on the same machine as where the client
> > runs.
> > > > >
> > > > >   Yes, the "localhost" option was in fact what Alvise and Fabrizio
> > were
> > > > > using themselves for this purpose. I've still not succeeded in
> > building
> > > > > the HEAD, but is the issue you are seeing related to the "in or out
> > domain"
> > > > > checks? That is what I was seeing with the last XTNetFile version
> > before
> > > > > they began the migration to TXNetFile.



-------------------------------------------------------------------------
Peter Elmer     E-mail: [log in to unmask]      Phone: +41 (22) 767-4644
Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland
-------------------------------------------------------------------------