I have two questions, one for Doug and one for Andy:

Q for Doug: when you start xrootdfs, does the LD_LIBRARY_PATH include the lib path to the xrootd libs? Since you configured the xrootd cluster to use the security module, xrootdfs, as a client, also needs /opt/osg-v1.2.13/xrootd/lib in LD_LIBRARY_PATH.

Q for Andy: with an auth file like this:

u * /atlas lr
u xrootd /atlas a

which rule will be used for user xrootd?

regards,
Wei Yang  |  [log in to unmask]  |  650-926-3338(O)

On Oct 1, 2010, at 1:05 PM, [log in to unmask] via RT wrote:

>
> Queue/Owner: xrootd-bugs [new] Nobody
> Requestors: <[log in to unmask]>
> Ticket: https://www-rt.slac.stanford.edu/rt3/Ticket/Display.html?id=253795
>
> Transaction: Ticket created by [log in to unmask]
>
> Hello,
>
> I would like to report some strange behavior. (It might be
> a misconfiguration on my part). I am not able to delete
> files using xrootdfs
>
> Here is the error.
>
> [xrootd@atl003 osg-v1.2.13]$ rm
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
> rm: cannot remove
> `/xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root':
> Permission denied
> [xrootd@atl003 osg-v1.2.13]$ ls -l
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
> -rw-rw-rw- 1 xrootd xrootd 1230413299 Sep 28 17:27
> /xrootdfs/group10/perf-egamma/data10_7TeV/group10.perf-egamma.data10_7TeV.periodF1.physics_Egamma.PhysCont.NTUP_EGAMMA.v1.Filtr.1g1eORALL_v1/group10.perf-egamma.01879_000616._00011.NTUP.Filtred.periodF1_0.root
>
> I apologize for the very long paths.
>
> The user running the xrootd is xrootd.
>
> xrootdfs is running on the redirector node -
>
> Here are the xrootdfs environmental variables -
> export XROOTDFS_RDRURL=root://atl003.phy.duke.edu:1094//atlas
> export XROOTDFS_FASTLS="RDR"
> export XROOTDFS_USER=xrootd
> MOUNT_POINT=/xrootdfs
> $dir/xrootdfsd $MOUNT_POINT -o allow_other,fsname=xrootdfs,max_write=131072
>
> Here is the xrootd config file from the redirector node and the data nodes:
> -----------------------------------------------------
> set thishostname=$HOSTNAME
> set xrootdlocation = /opt/osg-v1.2.13/xrootd
> set xrdr = atl003.phy.duke.edu
> all.export /atlas
> all.adminpath ${xrootdlocation}/var/admin
> all.manager $(xrdr):1213
> cms.allow host *.phy.duke.edu
>
> xrootd.fslib ${xrootdlocation}/lib/libXrdOfs.so
>
> if $(xrdr) && named cns
> all.export /atlas/inventory
> xrd.port 1095
> else if $(xrdr)
> xrd.port 1094
> all.role manager
> else
> xrd.port 1093
> all.role server
> xrootd.chksum max 3 adler32 ${xrootdlocation}/bin/xrdadler32
> #set osscachepath = /atlas
> #oss.cache public $(osscachepath)/* xa
> oss.usage log ${xrootdlocation}/var/admin
> # ENABLE_SECURITY_WITHOUT_CNSD_BEGIN
> xrootd.seclib /opt/osg-v1.2.13/xrootd/lib/libXrdSec.so
> # this specify that we use the 'unix' authentication module, additional one can be specified.
> sec.protocol /opt/osg-v1.2.13/xrootd/lib unix
> # this is the authorization file
> acc.authdb /opt/osg-v1.2.13/xrootd/etc/auth_file
> ofs.authorize
> sec.protbind *.phy.duke.edu unix
> # ENABLE_SECURITY_WITHOUT_CNSD_END
> ofs.notify closew create mkdir mv rm rmdir trunc | $(xrootdlocation)/bin/XrdCnsd -d -D 2 -i 90 -b atl003.phy.duke.edu:1095:/atlas/inventory
> # ofs.notify closew create mkdir mv rm rmdir trunc | $(xrootdlocation)/bin/XrdCnsd -d -D 2 -i 90 -b /atlas/inventory
> fi
> ---------------------------------------------------------
> Here is the auth file -
> ---------------------------------------------------------
> # This means that all the users have read access to the datasets
> u * /atlas lr
>
> # This means that all the users have full access to their private dirs
> u = /atlas/local/@=/ a
>
> # This means that this privileged user can do everything
> # You need at least one user like that, in order to create the
> # private dir for each user willing to store his data in the facility
> u xrootd /atlas a
> --------------------------------------------------------
>
> Regards,
>
> Doug Benjamin