Proof with no super-user rights?

ROOT
1

Hi,

I am trying to setup a PROOF test cluster. From my understanding, one should
be able to run the daemon without super-user rights.
However, when I try this using one account (cmsana) to run xrootd and tconnect with a different account, the service fails to set the ownership of the
proofbox:
070607 15:10:44 15728 XrdInet: Accepted connection from
uhh-cms013.desy.de
070607 15:10:44 15728 XrdSched: running ?:18@uhh-cms013 inq=0
070607 15:10:44 15728 XrdProtocol: matched protocol xproofd
070607 15:10:44 15728 ?:18@uhh-cms013 XrdPoll: FD 18 attached to poller 0; num=1
070607 15:10:44 15728 ?:18@uhh-cms013 xpd : 0000 Process: enter: instance: 0x5603f0
070607 15:10:44 15728 ?:18@uhh-cms013 xpd : 0000 Process2: enter: req id: 3101
070607 15:10:44 15728 ?:18@uhh-cms013 xpd : 0000 Login: enter
070607 15:10:44 15728 stadie.9746:18@uhh-cms013 xpd : Login: ClientID =stadie
070607 15:10:44 15728 xpd : AssertDir: cannot set user ownership on path (errno: 1)
070607 15:10:44 15728 stadie.9746:18@uhh-cms013 xpd : 0000 Login: unable to create work dir: /data/proofbox/stadie

Is there a way around this problem without using a privileged account?

Thanks a lot for your help,
Hartmut.

ps: I use proof from root v5.15.06.

2

Dear Hartmut,

Currently PROOF uses the unix file system to insure privacy of the user sandbox. Therefore an unprivileged daemon can serve only the user under which credentials is running.

So, I am afraid that for the moment there is no work around other than starting the daemon as ‘stadie’.

But you are not the first one to ask to be able to have different user served by an unprivileged daemon; we will consider adding an option to do that.

Gerri Ganis

3

Dear Harmut,

For your information, we have now added in CVS the possibility for a non-privileged server to serve many user.

You have to add in your xpd.cf the directive

xpd.multiuser 1

The user sandboxes will be created under / where is the path defined by xpd.workdir and is the username. They are owned by the user owning the xrootd process.

Let me know if you give a try.
The first tagged releas with this feature will be 5.17/02 foreseen for middle August.

G. Ganis