  [Add xrootd mailing list]

  Hi Gregory,

  Please post questions to the mailing list instead of sending private
mail... (Others often have better answers than I might, or might have
the same questions, etc.) Thanks.

On Wed, Dec 01, 2004 at 06:35:40PM +0100, Gregory Schott wrote:
>   During our GridKa meeting today, one has raised the question about 
> xrootd file access when other experiments are also using xrootd.
> 
>   Jean-Yves Nief, advised me that the user running xrootd (and we decided, 
> at GridKa, to create a xrootd user for the purpose of starting xrootd and 
> olbd) and the owner of the data on the data servers belong to a common 
> group... ideally that the root files are owned by the xrootd user in order 
> to ensure data access.

  I would actually say that the daemon user should always be identical to the
owner of the files, not just in the same group. (The daemons should never run 
as root.) If you ever set things up such that the daemon is actually able to 
retrieve files from elsewhere (from mass storage, from another site, ...) and 
not just serve the files you have put down on disk already, that will be more 
natural, IMO.

>   The question concerns the case when xrootd is also used by another 
> experiment; how the permissions may be set up that babar data is only 
> accessible by babar users? Via the xrootd configuration files? How is it 
> done at IN2P3?

  Personally I suspect that others aren't likely to learn too much, even
if they _can_ read our (BaBar's) data files... ;-)

  Anyway, there is a manual about the security/access control: 

  http://xrootd.slac.stanford.edu/doc/sec_config/sec_config.htm

I'll stop there as Andy/Gerri and others can probably say more correct
things than I can.

                                   Pete

-------------------------------------------------------------------------
Peter Elmer     E-mail: [log in to unmask]      Phone: +41 (22) 767-4644
Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland
-------------------------------------------------------------------------
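
One way to check the setup recommended in the reply above (the daemon account owns the data files and neither xrootd nor olbd runs as root), as an added example that is not part of the original message. The account name `xrootd` comes from the thread; the helper names and the data path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added audit helpers (constructed example, not from the xrootd project).

# Succeeds only for a numeric, non-root uid.
uid_is_unprivileged() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;   # not a number at all
    esac
    [ "$1" -ne 0 ]
}

# List every entry under directory $2 that is NOT owned by uid $1.
not_owned_by() {
    find "$2" ! -uid "$1" -print
}

# Read "uid command" lines on stdin (as produced by: ps -e -o uid= -o comm=)
# and report xrootd/olbd processes whose uid differs from $1.
daemons_with_wrong_uid() {
    awk -v want="$1" '
        ($2 == "xrootd" || $2 == "olbd") && $1 != want {
            print $2 " runs as uid " $1
        }'
}

# audit ACCOUNT DATA_DIR: returns 0 only if all three checks pass.
audit() {
    uid=$(id -u "$1") || return 2
    rc=0
    uid_is_unprivileged "$uid" || { echo "daemon account $1 is root"; rc=1; }
    bad=$(not_owned_by "$uid" "$2")
    [ -z "$bad" ] || { echo "not owned by $1:"; echo "$bad"; rc=1; }
    procs=$(ps -e -o uid= -o comm= | daemons_with_wrong_uid "$uid")
    [ -z "$procs" ] || { echo "$procs"; rc=1; }
    return $rc
}

# Usage (hypothetical data path):
#   audit xrootd /data/babar
```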