[Add xrootd mailing list]

Hi Gregory,

Please post questions to the mailing list instead of sending private mail... (Others often have better answers than I might, or might have the same questions, etc.) Thanks.

On Wed, Dec 01, 2004 at 06:35:40PM +0100, Gregory Schott wrote:
> During our GridKa meeting today, one has raised the question about
> xrootd file access when other experiments are also using xrootd.
>
> Jean-Yves Nief advised me that the user running xrootd (and we decided,
> at GridKa, to create a xrootd user for the purpose of starting xrootd and
> olbd) and the owner of the data on the data servers belong to a common
> group... ideally that the root files are owned by the xrootd user in order
> to ensure data access.

I would actually say that the daemon user should always be identical to the owner of the files, not just in the same group. (The daemons should never run as root.) If you ever set things up such that the daemon is actually able to retrieve files from elsewhere (from mass storage, from another site, ...) and not just serve the files you have put down on disk already, that will be more natural, IMO.

> The question concerns the case when xrootd is also used by another
> experiment; how the permissions may be set up that babar data is only
> accessible by babar users? Via the xrootd configuration files? How is it
> done at IN2P3?

Personally I suspect that others aren't likely to learn too much, even if they _can_ read our (BaBar's) data files... ;-)

Anyway, there is a manual about the security/access control:

http://xrootd.slac.stanford.edu/doc/sec_config/sec_config.htm

I'll stop there as Andy/Gerri and others can probably say more correct things than I can.

Pete

-------------------------------------------------------------------------
Peter Elmer     E-mail: [log in to unmask]     Phone: +41 (22) 767-4644
Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland
-------------------------------------------------------------------------