Just to chime in (I'm more "user" / sysadmin than developer here):
I would indeed expect the group field to be filled with the data from the VOMS extension as it is provided, i.e. starting with a '/'. Space-separated if multiple groups are present sounds consistent.
Summarizing, this seems to be compatible with `XrdLcmaps` and the existing VOMS plugin for the xrootd protocol.
So if I see it correctly, if `xrdhttpvoms` fills the group field like that, all existing plugins would fill the group field in the same way, allowing for a common `authdb` with xrootd < 4.7.
For xrootd >= 4.7, one would likely prefer to use `o` and `r` to adjust permissions in a more fine-grained manner (i.e. only atlas people / robots with production role are allowed to write to the rucio data disks).