For OSG, we have created the "xrootd-multiuser" plugin, a SFS plugin that does per-thread switching of the fsid (mapping the name in the XrdSecEntity to the UID of the corresponding Unix username) prior to doing IO operations.  It's served us well internally and is starting to get the attention of other sites that run Xrootd on top of POSIX storage (for example, Florida).

The package (https://github.com/bbockelm/xrootd-multiuser) consists of a SFS plugin that wraps around the native SFS implementation and a set of systemd units that startup Xrootd with the appropriate privileges to invoke setfsuid.  There is a build and runtime dependency on libcap, which is a fairly common base library.

I think it's time to upstream this plugin.  As with xrootd-macaroons, there's a question of whether it should be a standalone package or part of Xrootd base.  Unlike xrootd-macaroons, I don't have as strong an opinion as I feel the scope is a bit more narrow.

Thoughts?

Brian