Hi, I am a bit puzzled concerning the configuration of my XRootD server running v4.11.2-1 when I try to enable http with voms authentication. The following packages are installed: xrootd-4.11.2-1.el7.x86_64 xrootd-client-4.11.2-1.el7.x86_64 xrootd-client-libs-4.11.2-1.el7.x86_64 xrootd-libs-4.11.2-1.el7.x86_64 xrootd-selinux-4.11.2-1.el7.noarch xrootd-server-4.11.2-1.el7.x86_64 xrootd-server-libs-4.11.2-1.el7.x86_64 voms-2.0.15-1.el7.x86_64 voms-clients-cpp-2.0.15-1.el7.x86_64 vomsxrd-0.3.0-1.el7.cern.x86_64 xrdhttpvoms-0.2.5-2.el7.x86_64 and I have the following configuration files: ================================================= $ cat xrootd_server_grid.cfg xrd.port 1094 xrd.protocol xrootd * [...] all.export /xrootd/in2p3.fr/disk/juno nolock r/w if exec xrootd xrd.protocol http:1094 /usr/lib64/libXrdHttp.so http.exthandler xrdtpc /usr/lib64/libXrdHttpTPC.so http.secxtractor /usr/lib64/libXrdHttpVOMS.so http.header2cgi Authorization authz http.cadir /etc/grid-security/certificates http.cert /etc/grid-security/xrd/xrdcert.pem http.key /etc/grid-security/xrd/xrdkey.pem http.listingdeny yes http.trace all fi ofs.tpc fcreds gsi =X509_USER_PROXY ttl 60 70 xfr 20 autorm pgm /usr/share/xrootd/utils/xrdcp-tpc.sh xrootd.chksum adler32 /usr/share/xrootd/utils/xrdadler32-tpc.sh xrootd.seclib /usr/lib64/libXrdSec.so sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS-4.so -vomsfunparms:certfmt=pem|vos=juno|grps=/juno|grpopt=10|dbg sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -gridmap:/dev/null acc.audit deny acc.authdb /etc/xrootd/auth_file acc.authrefresh 60 ofs.authorize [...] $ cat auth_file g /juno /xrootd/in2p3.fr/disk/juno rwild /xrootd/in2p3.fr/tape/juno rwild ================================================= With my Juno proxy, I am able to read a file using xrdcp. However, using gfal-copy with the http protocol, it fails with: $ gfal-copy http://ccxrdli284.in2p3.fr:1094//xrootd/in2p3.fr/disk/juno/user/y/ycalas/testfile_dir/testfile_IN2P3-XROOTD.txt ti) gfal-copy error: 1 (Operation not permitted) - Could not stat the source: HTTP 403 : Permission refused It seems that the mapping is not done correctly (login as "nobody" user) as shown below. I wonder what is the tricky part to modify in my XRootD configuration file... ================================================= 201207 21:42:49 190911 ?:27@[xxx.xxx.xxx.xxx] sysXrdHttp: received dlen: 16 201207 21:42:49 190911 ?:27@[xxx.xxx.xxx.xxx] sysXrdHttp: received dump: 72 69 65 68 32 47 47 120 114 111 111 116 100 47 105 00 201207 21:42:49 190911 ?:27@[xxx.xxx.xxx.xxx] sysXrdHttp: Protocol matched. https: 0 201207 21:42:49 190911 ?:27@[xxx.xxx.xxx.xxx] sysXrdHttp: Process. lp:0x7fdfe80010d8 reqstate: 0 201207 21:42:49 190911 ?:27@[xxx.xxx.xxx.xxx] sysXrdHttp: Setting host: [xxx.xxx.xxx.xxx] 201207 21:42:49 190911 sysXrdHttp: getDataOneShot BuffAvailable: 1048576 maxread: 1048576 201207 21:42:49 190911 sysXrdHttp: read 237 of 1048576 bytes 201207 21:42:49 190911 sysXrdHttp: rc:96 got hdr line: HEAD //xrootd/in2p3.fr/disk/juno/user/y/ycalas/testfile_dir/testfile_IN2P3-XROOTD.txt HTTP/1.1 201207 21:42:49 190911 sysXrdHttp: Parsing first line: HEAD //xrootd/in2p3.fr/disk/juno/user/y/ycalas/testfile_dir/testfile_IN2P3-XROOTD.txt HTTP/1.1 201207 21:42:49 190911 sysXrdHttp: rc:55 got hdr line: User-Agent: gfal2-util/1.5.3 gfal2/2.18.1 neon/0.0.29 201207 21:42:49 190911 sysXrdHttp: rc:14 got hdr line: Keep-Alive: 201207 21:42:49 190911 sysXrdHttp: rc:24 got hdr line: Connection: Keep-Alive 201207 21:42:49 190911 sysXrdHttp: rc:14 got hdr line: TE: trailers 201207 21:42:49 190911 sysXrdHttp: rc:32 got hdr line: Host: yyyyyy.zzzz.fr:1094 201207 21:42:49 190911 sysXrdHttp: rc:2 got hdr line: 01207 21:42:49 190911 sysXrdHttp: rc:2 detected header end. 201207 21:42:49 190911 XrootdBridge: unknown.7:27@[xxx.xxx.xxx.xxx] login as nobody 201207 21:42:49 190911 unknown.7:27@[xxx.xxx.xxx.xxx] sysXrdHttp: Process. lp:0x7fdfe80010d8 reqstate: 0 201207 21:42:49 190911 unknown.7:27@[xxx.xxx.xxx.xxx] sysXrdHttp: Process is exiting rc:0 201207 21:42:49 190911 acc_Audit: http deny *@[xxx.xxx.xxx.xxx] stat /xrootd/in2p3.fr/disk/juno/user/y/ycalas/testfile_dir/testfile_IN2P3-XROOTD.txt 201207 21:42:49 190911 ofs_stat: unknown.7:27@[xxx.xxx.xxx.xxx] Unable to locate /xrootd/in2p3.fr/disk/juno/user/y/ycalas/testfile_dir/testfile_IN2P3-XROOTD.txt; permission denied ================================================= Any idea? Thanks, Yvan ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1