I am trying to understand how the EOS auth needs to be set up so that an external user can xrdcp a file - using simple unix authentication - to an EOS dir owned by
This actually depends on what you have defined in your vid map. In general, using the unix authentication is not a recommended setup unless you control the client machine.
Once you enable the vid mapping for unix (or even without this), you can allow unix connection from a certain hosts to use the local identity when connecting to the MGM by defining a tident mapping. For example the truncated output of eos vid ls could look like this:
Anyone connecting from the iota machine with unix auth will be mapped to the id advertised by the client. You can add such entries with the usual eos vid map -tident ..... You can also enable this for every unix authentication by modifying the initial rule introduced when enabling unix mapping to point to root rather than nobody - but this is definitely not recommended.
Many thanks for this. I tried successfully your suggestion in a slightly different context: issuing eos client commands (eos mkdir in particular) from a machine called cta-adm
eos vid set map -tident root@cta-adm vuid:0 vgid:0
I can’t see in the docs how to remove this mapping (there isn’y anything like “eos vid rm map…”). Do you know how?
You can use the eos vid rm command and the key is everything before the => sign. You should be doing this from the eos console so that you don’t bother with escaping characters.