I agree. The keyfile can be in a well known place. For those who cannot 
tolerate (or comply) to using the well known place they could specify it 
on the command line. As it is, the keyfile should only be readable by the 
user running as xrootdfs (sss refuses to use the keyfile if that isn't the 
case). Practically, all such sensitive information is already publicly 
known (e.g. Kerberos ticket location). So, adding a veil of obscurity 
probably isn't going to help much.

Andy

On Tue, 3 May 2011, Doug BENJAMIN wrote:

> Hi,
>
> I am not really sure that it is a good idea to have the reference to the key 
> file.  What if the key file had a standard name
> and was in /var/spool/xrootd/ ...
> Doug
>
> Yang, Wei wrote:
>> Hi Brian, Lukasz,
>> 
>> Everything can be passed as command line parameters except the "sss" key 
>> file. I don't want to list the key file in the command line and invite 
>> others to hack on it. Of course, this can all be changed if the concern 
>> isn't valid.
>> 
>> regards,
>> Wei Yang  |  [log in to unmask]  |  650-926-3338(O)
>> 
>> 
>> On May 3, 2011, at 6:17 AM, Brian Bockelman wrote:
>>
>> 
>>> Hi Wei,
>>> 
>>> Integrating with fstab is pretty easy.  For example, you add a line like 
>>> this to /etc/fstab:
>>> 
>>> hdfs /mnt/hadoop fuse server=hadoop-name,port=9000,rdbuffer=32768,allow_other 0 0
>>> 
>>> In general,
>>> 
>>> PROG_NAME MOUNT_POINT fuse OPTIONS 0 0
>>> 
>>> Then, fuse will execute the following:
>>> 
>>> /usr/bin/$PROG_NAME $MOUNT_POINT $OPTIONS
>>> 
>>> In my case, it was:
>>> 
>>> /usr/bin/hdfs /mnt/hadoop -o rw,server=hadoop-name,port=9000,rdbuffer=32768,allow_other
>>> 
>>> Brian
>>> 
>>> On May 3, 2011, at 12:39 AM, Yang, Wei wrote:
>>>
>>> 
>>>> Thinking about it again, I think if we put it in fstab, it will probably 
>>>> be hard to define those xrootdfs and/or fuse options and env vars. I tried 
>>>> fstab before and will take a look at it again. For now it is probably 
>>>> easier to just use an init.d script.
>>>> 
>>>> regards,
>>>> Wei Yang  |  [log in to unmask]  |  650-926-3338(O)
>>>> 
>>>> 
>>>> 
>>>> 
>>>> On May 2, 2011, at 1:48 PM, Brian Bockelman wrote:
>>>>
>>>> 
>>>>> Follow-up Comment #1, bug #81761 (project xrootd):
>>>>> 
>>>>> Wait - 
>>>>> Isn't xrootdfs the fuse mount for xrootd?  Why not just make it 
>>>>> compatible with fstab?  This is the approach we took with HDFS. 
>>>>> As a sysadmin, I would prefer the fstab approach.  Creating an init 
>>>>> script to mount filesystems seems to go in the wrong direction.
>>>>> 
>>>>> Brian
>>>>>
>>>>>  _______________________________________________________
>>>>> 
>>>>> Reply to this item at:
>>>>> 
>>>>> <http://savannah.cern.ch/bugs/?81761>
>>>>> 
>>>>> _______________________________________________
>>>>> Message sent via/by LCG Savannah
>>>>> http://savannah.cern.ch/
>>>>>
>>>>> 
>>
>>
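
An added example, not part of the original thread and not XRootD or sss code: a pre-mount check in the spirit of the thread, where the key file comes from a well-known default unless an option overrides it, and is rejected unless only its owner can access it. The `keyfile=` option name, the function names and the sample file are assumptions made for this illustration.

```python
import os
import stat


def parse_mount_options(optstr):
    """Split an fstab-style 'a=1,b,c=2' option string into a dict."""
    opts = {}
    for item in filter(None, optstr.split(",")):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts


def resolve_keyfile(optstr, default_path):
    # An explicit 'keyfile=' option wins; otherwise use the well-known path.
    # 'keyfile' is a hypothetical option name used only for this example.
    return parse_mount_options(optstr).get("keyfile") or default_path


def keyfile_problems(path, expected_uid):
    """Return a list of reasons the key file must not be used (empty = OK)."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink to another file
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        problems.append(f"group/other permission bits set: {oct(extra)}")
    return problems


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway file standing in for a key file.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "sample.keyfile")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        for mode in (0o600, 0o644):
            os.chmod(key, mode)
            path = resolve_keyfile("rw,allow_other", key)
            print(oct(mode), keyfile_problems(path, os.getuid()) or "ok")
```

With this check in place the key file's location does not need to be secret: the protection comes from the ownership and mode test, which fails closed before the key is read.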