Hi Oliver,

Some time back they had a plugin that used Linux system calls to allow a 
process to test/set access/ownership without becoming the actual user. It 
is controlled by a specific privilege setting and doesn't require the process 
to run as root. Though having this privilege comes pretty close to that. 
That would be the direction we would take as we know it works within the 
xroot ecosystem. As for EOS, they have designed a complete filesystem 
pretty much from the ground up. So, they can do all these things because 
their filesystem has those capabilities. That part does not affect xrootd 
per se as it's all done at filesystem level.

Andy

On Mon, 14 Aug 2017, Oliver Freyermuth wrote:

> Dear Andrew,
>
> On 10.08.2017 at 22:15, Andrew Hanushevsky wrote:
>> +++The current scope would allow you to export ownership as well as to record it. The ACL part is difficult because there really is no standard. That would mean designing a new ACL plugin that would be specific to each file system and that's a lot of work.
> That's perfect! The reason for my asking this was actually twofold.
> First, this likely means a conceptual change, since xrootd (or part of it) then needs to stay running privileged to be allowed to chown() files, while right now it can run as dedicated xrootd user.
> Second, it seems CERN already has something like this in place (or they emulate it)... If I do (using Kerberos V auth):
> xrdcp some_local.file root://eosuser.cern.ch//eos/user/<letter>/<fullusername>/some_dest_file
> the file "some_dest_file" is created on EOS as my user with my user group (albeit the file mode is always "0644" no matter the source file).
> Do you happen to know which technique they use to facilitate this basic ownership mapping?
>
> Cheers, many thanks and all the best,
> 	Oliver
>
> -- 
> Oliver Freyermuth
> Universität Bonn
> Physikalisches Institut, Raum 1.047
> Nußallee 12
> 53115 Bonn
> --
>
