Hi,

So, first, this allows the user schroete to remove a file in /xrootd/myTestDir, right?

u schroete /xrootd/myTestDir a

Here, the removal is logged:

180413 12:52:50 1243 schroete.22072:7@qc01 ofs_remove: f fn=/xrootd/myTestDir/test.dat

However, the entry schroete.22072:7@qc01 is simply a connection identifier, not the actual logged-in name. The login name is controlled by the security protocol:

sec.protocol unix

Unix security protocol configures the server to allow the remote user to declare its username without any checks or other authentication. In this case, the code paths are the same as the identitifier -- the client believes it is user schroete, as it is resolving the passwd entity for the UID returned by geteuid().

In other words, the client-side believes that it is user schroete in the log snippet you provide, the server is configured to completely trust the client, and user schroete is authorized to delete files. Seems the behavior is consistent with the configuration.

Are you sure you are switching users appropriately?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@bbockelm in #687: Hi,\r\n\r\nSo, first, this allows the user `schroete` to remove a file in `/xrootd/myTestDir`, right?\r\n```\r\nu schroete /xrootd/myTestDir a\r\n```\r\n\r\nHere, the removal is logged:\r\n```\r\n180413 12:52:50 1243 schroete.22072:7@qc01 ofs_remove: f fn=/xrootd/myTestDir/test.dat\r\n```\r\n\r\nHowever, the entry `schroete.22072:7@qc01` is simply a connection identifier, not the actual logged-in name. The login name is controlled by the security protocol:\r\n\r\n```\r\nsec.protocol unix\r\n```\r\n\r\nUnix security protocol configures the server to allow the remote user to declare its username without any checks or other authentication. In this case, the code paths are the same as the identitifier -- the client believes it is user `schroete`, as it is resolving the passwd entity for the UID returned by `geteuid()`.\r\n\r\nIn other words, the client-side believes that it is user `schroete` in the log snippet you provide, the server is configured to completely trust the client, and user `schroete` is authorized to delete files. Seems the behavior is consistent with the configuration.\r\n\r\nAre you sure you are switching users appropriately?"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/687#issuecomment-381118955"}}}

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1