xrdfs 4.8.2 removes files even when security is in place. Tested with sec.protocol unix and sss. No feedbacks in the logs of data server. Access is logged on redirector only. Expected behaviour would be that xrdfs does not rm file when not permitted in Authfile. Is this a bug or misconfiguration ? Authfile: u * /xrootd lr u root /xrootd lr u schroete /xrootd/myTestDir a Copy a file as user schroete: ~# XrdSecDEBUG=1 xrdcp Adapter_28022018.tgz root://glogin1//xrootd/myTestDir/test.dat sec_Client: protocol request for host 192.168.16.122 token='&P=unix' sec_PM: Loaded unix protocol object from libXrdSecunix.so sec_PM: Using unix protocol, args='' [45.08MB/45.08MB][100%][==================][45.08MB/s] Remove file as schroete2,root or any other user on that client machine: (Also it looks that the user name is truncated to 8 chars) ~# xrdfs glogin1 rm /xrootd/myTestDir/test.dat Log Entry Data Server: 180413 12:52:50 1243 XrdInet: Accepted connection from [log in to unmask] 180413 12:52:50 1243 XrdProtocol: matched protocol xrootd 180413 12:52:50 1243 ?:7@qc01 XrdPoll: FD 7 attached to poller 0; num=1 180413 12:52:50 1245 XrdSched: running main accept inq=0 180413 12:52:50 1243 ?:7@qc01 XrootdProtocol: 0000 req=login dlen=97 180413 12:52:50 1243 schroete.22072:7@qc01 XrootdResponse: 0000 sending 16 data bytes 180413 12:52:50 1243 XrootdXeq: schroete.22072:7@qc01 pvt IPv4 login 180413 12:52:50 1243 schroete.22072:7@qc01 XrootdProtocol: 0100 req=rm dlen=26 180413 12:52:50 1243 schroete.22072:7@qc01 ofs_remove: f fn=/xrootd/myTestDir/test.dat 180413 12:52:50 1243 schroete.22072:7@qc01 XrootdProtocol: 0100 rc=0 rm /xrootd/myTestDir/test.dat 180413 12:52:50 1243 schroete.22072:7@qc01 XrootdResponse: 0100 sending OK 180413 12:52:50 1243 XrootdXeq: schroete.22072:7@qc01 disc 0:00:00 180413 12:52:50 1243 schroete.22072:7@qc01 XrdPoll: FD 7 detached from poller 0; num=0 xrootd.cf: xrd.timeout hail 30 idle 0 kill 3 read 5 all.export /xrootd set xrdr=glogin1.iup.uni-bremen.de set inventory=/var/log/xrootd/inventory all.manager $(xrdr):3121 cms.allow host *.iup.uni-bremen.de if $(xrdr) && named cns all.export $(inventory) xrd.port 1095 else if $(xrdr) all.role manager oss.defaults rw xrd.port 1094 else all.role server ofs.notify closew create mkdir mv rm rmdir trunc | /usr/bin/XrdCnsd -d -D 2 -i 90 -b $(xrdr):1095:$(inventory) ofs.notifymsg create $TID create $FMODE $LFN?$CGI ofs.notifymsg closew $TID closew $LFN $FSIZE xrootd.seclib /usr/lib/libXrdSec.so sec.protocol unix acc.authdb /etc/xrootd/Authfile acc.authrefresh 60 ofs.authorize cms.space min 100g 110g fi -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/687 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1