 |
 |
Hi, So, first, this allows the user `schroete` to remove a file in `/xrootd/myTestDir`, right? ``` u schroete /xrootd/myTestDir a ``` Here, the removal is logged: ``` 180413 12:52:50 1243 schroete.22072:7@qc01 ofs_remove: f fn=/xrootd/myTestDir/test.dat ``` However, the entry `schroete.22072:7@qc01` is simply a connection identifier, not the actual logged-in name. The login name is controlled by the security protocol: ``` sec.protocol unix ``` Unix security protocol configures the server to allow the remote user to declare its username without any checks or other authentication. In this case, the code paths are the same as the identitifier -- the client believes it is user `schroete`, as it is resolving the passwd entity for the UID returned by `geteuid()`. In other words, the client-side believes that it is user `schroete` in the log snippet you provide, the server is configured to completely trust the client, and user `schroete` is authorized to delete files. Seems the behavior is consistent with the configuration. Are you sure you are switching users appropriately? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/687#issuecomment-381118955 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1