Hi Patrick,

So, the answer to the first question is that if two rules can apply to the 
same person then the most restrictive rule is used.


-----Original Message----- 
From: Patrick McGuigan
Sent: Thursday, May 19, 2011 3:37 PM
To: xrootd-l
Subject: Re: auth_file precedence


I discovered the answer to the second question myself, as the xrootd daemon 
will not start
if there are multiple identifiers in the authentication DB file.


On 05/18/2011 06:21 PM, Patrick McGuigan wrote:
> Hello,
> I am playing around with some privileges in an authdb file when using the 
> unix security
> protocol and I have some questions as to precedence of entries in the 
> file.
> In the example of fungible paths, an example is given with:
> u * /xrd lr
> u = /xrd/users/@=/ a
> but in the header of the section there is a line that mentions:
> "The privileges associated with first prefix that matches an incoming path 
> name are
> considered to be the applicable privileges."
> Assuming that user bob want to write a file at /xrd/user/bob/somefile, why 
> is it that the
> second rule is used, rather than the first, since /xrd is a prefix that 
> matches?
> Additionally, can the same identifier be used multiple times?
> u bob /some/path lr
> u bob /some/path/additional a
> or cant this only be done as:
> u bob /some/path/additional a /some/path lr
> Regards,
> Patrick