Add support for running as root and 'multiuser' mode #51
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This renames the (previously hidden) multiuser option to be underneath the `Origin` configuration key. Further, we add a configuration test to see if we have sufficient capabilities to launch xrootd/cmsd in multiuser mode.
Where possible, if run by root, the mode for created directories should be 0750 with the ownership of root:xrootd. This means that the root user can change the resulting files but xrootd can still read it. A notable exception is the TLS key file which xrootd rejects if it is group-readable.
1.20 introduces the idea of a `Cause` in a context cancellation, used for passing errors from the subprocesses in xrootd's Launcher.
Notably, since we updated to golang 1.20, this clears out a few deprecated usages. In particular, golang 1.20 will automatically seed the random number generator -- no need to do it explicitly anymore.
bbockelm
force-pushed
the
xrootd_multiuser
branch
from
b566d8f to
901419c
Compare
|
As discussed with @jhiemstrawisc, given the amount of details Linux domain knowledge required to review this request, I'm going to go ahead with the override + merge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The 'multiuser' plugin allows the xrootd server to open files as a user, depending on the authorization of the request.
This PR updates Pelican to be able to run the daemon with the appropriate Linux capabilities (SETUID/SETGID) needed for making requests on behalf of other users.