Hello,
I’m facing a problem with my EOS instance, getting it working for both the CMS (gsi) and ALICE (token) experiments.
Without ALICE token stuff in /etc/xrd.cf.mgm
i.e. lines commented :
# mgmofs.authlib /usr/lib64/libXrdAliceTokenAcc.so
# mgmofs.authorize 1
# alicetokenacc.noauthzhost localhost
# alicetokenacc.noauthzhost localhost.localdomain
then I have access to files using gsi :
[pugnere@lyoui1:~] $ eos -b root://lyoeosmgm1.in2p3.fr whoami
Virtual Identity: uid=2059 (99,2059) gid=110 (99,110) [authz:gsi] host=lyoui1.in2p3.fr domain=in2p3.fr
Then, when I enable ALICE token Authorization (i.e. uncomment) :
mgmofs.authlib /usr/lib64/libXrdAliceTokenAcc.so
mgmofs.authorize 1
alicetokenacc.noauthzhost localhost
alicetokenacc.noauthzhost localhost.localdomain
and the file /etc/grid-security/xrootd/TkAuthz.Authorization
contains :
EXPORT PATH:/ VO:* ACCESS:ALLOW CERT:*
RULE PATH:/eos/lyoeos.in2p3.fr/grid/alice/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:*| CERT:IGNORE
KEY VO:* PRIVKEY:/etc/grid-security/xrootd/privkey.pem PUBKEY:/etc/grid-security/xrootd/pubkey.pem
Then, gsi doesn’t work anymore :
[pugnere@lyoui1:~] $ eos -b root://lyoeosmgm1.in2p3.fr whoami
error: errc=3010 msg="[ERROR] Error response: Permission denied" (errc=3010) (Unknown error 3010)
In the MGM log files :
200909 17:15:58 10766 XrootdXeq: pugnere.65863:368@lyoui1 pub IPv4 login as pugnere
200909 17:15:58 time=1599664558.410408 func=IdMap level=INFO logid=static.............................. unit=mgm@lyoeosmgm1.in2p3.fr:1094 tid=00007efc3affe700 source=Mapping:993 tident= sec=(null) uid=99 gid=99 name=- geo="" sec.prot=gsi sec.name="pugnere" sec.host="lyoui1.in2p3.fr" sec.vorg="" sec.grps="" sec.role="" sec.info="/O=GRID-FR/C=FR/O=CNRS/OU=IPNL/CN=Denis Pugnere" sec.app="" sec.tident="pugnere.65863:368@lyoui1" vid.uid=2059 vid.gid=110
200909 17:15:58 time=1599664558.410456 func=open level=INFO logid=5d24a8f6-f2af-11ea-a06f-7845c4fc35a5 unit=mgm@lyoeosmgm1.in2p3.fr:1094 tid=00007efc3affe700 source=XrdMgmOfsFile:462 tident=pugnere.65863:368@lyoui1 sec=gsi uid=2059 gid=110 name=pugnere geo="" op=read path=/proc/user/ info=mgm.cmd=whoami
200909 17:15:58 time=1599664558.410508 func=Emsg level=ERROR logid=5d24a8f6-f2af-11ea-a06f-7845c4fc35a5 unit=mgm@lyoeosmgm1.in2p3.fr:1094 tid=00007efc3affe700 source=XrdMgmOfsFile:3094 tident=pugnere.65863:368@lyoui1 sec=gsi uid=2059 gid=110 name=pugnere geo="" Unable to execute proc command - you don't have the requested permissions for that operation (1) /proc/user/; Operation not permitted
200909 17:15:58 10766 XrootdXeq: pugnere.65863:368@lyoui1 disc 0:00:00
I’ve been stuck on this authorization problem for a long time.
I’d appreciate your suggestions or comments.
Best regards,
Denis
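A triage sketch for the MGM log excerpt above, added here as an example (not part of the original post and not EOS code): it pairs each IdMap line with later permission errors from the same tident, so a failed authentication can be told apart from a denial that happens after the identity was already mapped. The sample lines are constructed by abridging the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample: the three MGM log entries from the post, abridged
# (some key=value fields dropped, values unchanged).
SAMPLE_LOG = """\
200909 17:15:58 time=1599664558.410408 func=IdMap level=INFO logid=static source=Mapping:993 tident= sec=(null) uid=99 gid=99 name=- geo="" sec.prot=gsi sec.name="pugnere" sec.host="lyoui1.in2p3.fr" sec.tident="pugnere.65863:368@lyoui1" vid.uid=2059 vid.gid=110
200909 17:15:58 time=1599664558.410456 func=open level=INFO logid=5d24a8f6-f2af-11ea-a06f-7845c4fc35a5 source=XrdMgmOfsFile:462 tident=pugnere.65863:368@lyoui1 sec=gsi uid=2059 gid=110 name=pugnere geo="" op=read path=/proc/user/ info=mgm.cmd=whoami
200909 17:15:58 time=1599664558.410508 func=Emsg level=ERROR logid=5d24a8f6-f2af-11ea-a06f-7845c4fc35a5 source=XrdMgmOfsFile:3094 tident=pugnere.65863:368@lyoui1 sec=gsi uid=2059 gid=110 name=pugnere geo="" Unable to execute proc command - you don't have the requested permissions for that operation (1) /proc/user/; Operation not permitted
"""

# key=value pairs; values are either "quoted" (may contain spaces) or bare tokens
KV = re.compile(r'([\w.]+)=("[^"]*"|\S*)')


def fields(line):
    """Return the key=value fields of one MGM log line as a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def authn_ok_but_denied(log_text):
    """List sessions whose identity was mapped (IdMap) and later got a permission error."""
    mapped, findings = {}, []
    for line in log_text.splitlines():
        f = fields(line)
        if f.get("func") == "IdMap" and f.get("sec.tident"):
            # Authentication finished: remember protocol and mapped virtual identity
            mapped[f["sec.tident"]] = (f.get("sec.prot"), f.get("vid.uid"), f.get("vid.gid"))
        elif f.get("level") == "ERROR" and "Operation not permitted" in line:
            ident = mapped.get(f.get("tident"))
            if ident:  # denied even though the session has a mapped identity
                findings.append({"tident": f["tident"], "prot": ident[0],
                                 "vid.uid": ident[1], "vid.gid": ident[2],
                                 "logid": f.get("logid")})
    return findings


if __name__ == "__main__":
    for hit in authn_ok_but_denied(SAMPLE_LOG):
        print("mapped via {prot} as uid={vid.uid} gid={vid.gid}, then denied: "
              "{tident} (logid {logid})".format(**hit))
```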