Hi Andy,

indeed I did not yet provide what we actually want ;-).
Right now, we actually just do a chmod 755 on all directories, and a chmod 644 on all files created by xrootd, to allow users to read the files directory from the POSIX filesystem.

However, once there are improvements to our identity management system, we would like to use one of the following two solutions:

add ACLs granting a group access to the files and directories created by xrootd
use chown to give the files to a group (to which xrootd belongs), i.e. "the classic way"

Since ACLs are probably out of scope in any general solution (there is not even a common solution amongst all filesystems), I think the only things a general solution could provide are:

Specify default mode for directories and files created by xrootd (755, 644 or whatever a user needs)
Specify owner / group the created files / directories should belong to.

Of course, for 2 the administrator has to take care that xrootd itself can still access the files.

Does that sound reasonable?

Cheers,
Oliver

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@olifre in #649: Hi Andy,\r\n\r\nindeed I did not yet provide what we actually want ;-). \r\nRight now, we actually just do a `chmod 755` on all directories, and a `chmod 644` on all files created by xrootd, to allow users to read the files directory from the POSIX filesystem. \r\n\r\nHowever, once there are improvements to our identity management system, we would like to use one of the following two solutions:\r\n- add ACLs granting a group access to the files and directories created by xrootd\r\n- use chown to give the files to a group (to which xrootd belongs), i.e. \"the classic way\"\r\n\r\nSince ACLs are probably out of scope in any general solution (there is not even a common solution amongst all filesystems), I think the only things a general solution could provide are: \r\n1. Specify default mode for directories and files created by xrootd (755, 644 or whatever a user needs)\r\n2. Specify owner / group the created files / directories should belong to. \r\n\r\nOf course, for 2 the administrator has to take care that xrootd itself can still access the files. \r\n\r\nDoes that sound reasonable? \r\n\r\nCheers,\r\nOliver\r\n"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/649#issuecomment-431180078"}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/649#issuecomment-431180078", "url": "https://github.com/xrootd/xrootd/issues/649#issuecomment-431180078", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } }, { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB", "title": "Re: [xrootd/xrootd] Force permissions on files created by a xrootd server (#649)", "sections": [ { "text": "", "activityTitle": "**Oliver Freyermuth**", "activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@olifre", "facts": [ ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 649,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close issue", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 649\n}" }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/649#issuecomment-431180078" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 296169717\n}" } ], "themeColor": "26292E" } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1