Hi ,

We accidentally entered an incorrect EOS VID policy i.e. :-

tident:“keosteam@eos-mgm”:gid => keosteam
tident:“keosteam@eos-mgm”:uid => keosteam

However, we are unable to delete it and are receiving an error. We used the following parameters to delete it:-

[root@eos-slave ~]# eos -b vid rm vid:tident:“keosteam@eos-mgm”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-slave ~]# eos -b vid rm vid:tident:“keosteam@eos-mgm”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-slave ~]# eos -b vid rm vid:tident:“*”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-slave ~]# eos -b vid rm vid:tident:“”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-slave ~]# eos -b vid rm tident:“”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-slave ~]#

We followed Elvin’s topic i.e. EOS vid and unix authentication - #4 by esindril (June 2021) on deleting the EOS VID policy.

So, please help to sort out..

Regards

Prasun

Hi Prasun,

Try first entering the eos console and then issuing the vid rm command. In this way it’s easier since yo don’t need to do any escaping of the special characters. Therefore do:

eos

vid rm tident:“keosteam@eos-mgm”:gid

vid rm tident:“keosteam@eos-mgm”:uid

Cheers,
Elvin

Hi Elvin,

We have run suggestion as you suggested, but it’s not work. Output are below:-

============

EOS Console [root://localhost] |/> vid rm tident:“keosteam@eos-mgm”:uid
error: nothing has been removed (errc=22) (Invalid argument)
EOS Console [root://localhost] |/> vid rm tident:“keosteam@eos-mgm”:gid
error: nothing has been removed (errc=22) (Invalid argument)
EOS Console [root://localhost] |/> exit
[root@eos-mgm ~]# eos vid rm tident:“keosteam@eos-mgm”:uid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-mgm ~]# eos vid rm tident:“keosteam@eos-mgm”:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-mgm ~]#

[root@eos-mgm ~]# eos vid rm tident:“@eos-mgm*“:gid
error: nothing has been removed (errc=22) (Invalid argument)
[root@eos-mgm ~]# eos vid rm tident:”*@eos-mgm”:uid
error: nothing has been removed (errc=22) (Invalid argument)

============================

The xrdlog.mgm shows tident errors i.e.

+++++++++++

tident= sec=unix uid=10367 gid=1395 name=jalien geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“aliendb7.cern.ch”, vid.tident=“jalien.2103400:657@aliendb7.cern.ch” for path=“/13/28236/b6d8d535-194d-11f1-9620-b47af1a61b9a” user@domain=“10367@cern.ch”
260306 16:48:30 time=1772795910.032266 func=Emsg level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fc7f99ff640 source=XrdMgmOfs:864 tident= sec= uid=0 gid=0 name= geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied
260306 16:48:30 time=1772795910.032544 func=FSctl level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fca355ee640 source=Fsctl:252 tident= sec=sss uid=65534 gid=65534 name=eosnobody geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=65534, vid.gid=65534, vid.host=“eos06.tier2-kol.res.in”, vid.tident=“daemon.3979724:395@eos06” for path=“/” user@domain=“nobody@tier2-kol.res.in”

++++++++++++++++

Current vid policies are below:-

[root@eos-mgm ~]# eos vid ls
https:“”:gid => root
https:“”:uid => root
publicaccesslevel: => 1024
sss:“”:gid => root
sss:“”:uid => root
sudoer => uids(daemon)
tident:“keosteam@eos-mgm”:gid => keosteam
tident:“keosteam@eos-mgm”:uid => keosteam
tokensudo => always
unix:“”:gid => 1395
unix:“”:uid => 10367
unix:“vuid:1000”:gid => keosteam
voms:“/ops:”:gid => 20001
voms:“/ops:”:uid => 20001
voms:“ops:/ops”:gid => 20001
voms:“ops:/ops”:uid => 20001
[root@eos-mgm ~]#

++++++++++++++++++++

So, suggest.

Regards

Prasun

Hi Prasun,

I tried running some similar commands on my setup running 5.3.32 and things work as expected, see below. What eos version are you running on the MGM?

$ eos vid set map -tident keosteam@eos-mgm vuid:99 vgid:99
success: set vid [  eos.rgid=0 eos.ruid=0 mgm.cmd=vid mgm.subcmd=set mgm.vid.auth=tident mgm.vid.cmd=map mgm.vid.gid=99 mgm.vid.key=<key> mgm.vid.pattern=keosteam@eos-mgm mgm.vid.uid=99 ]
$ eos vid ls | grep keos
tident:"keosteam@eos-mgm":gid => 99
tident:"keosteam@eos-mgm":uid => 99
$ eos
EOS Console [root://localhost] |/eos/dev/replica/> vid rm tident:"keosteam@eos-mgm":gid
success: rm vid [  eos.rgid=0 eos.ruid=0 mgm.cmd=vid mgm.subcmd=rm mgm.vid.key=tident:"keosteam@eos-mgm":gid]
EOS Console [root://localhost] |/eos/dev/replica/> vid rm tident:"keosteam@eos-mgm":uid
success: rm vid [  eos.rgid=0 eos.ruid=0 mgm.cmd=vid mgm.subcmd=rm mgm.vid.key=tident:"keosteam@eos-mgm":uid]

Cheers,
Elvin

Hi Elvin,

You are right. I am running from outside of the eos console, so it’s give error. Then I had running from eos console, it’s go successful.

Thank Again.

Prasun

Hi Adrian ,

Again Hi,

We have faces very complicated issue in Our Kolkata EOS2 i.e “Permission Denied and Access Restricted”. We had search many topics in eos community website and trying sort out with the help of resolution given it. But, unable sort out.

EOS version is 5.3.27.

On xrdlog of mgm has below error:-

=============

tident=jalien.2501661:425@pcapiserv10.cern.ch sec=unix uid=10367 gid=1395 name=jalien geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“pcapiserv10.cern.ch”, vid.tident=“jalien.2501661:425@pcapiserv10.cern.ch” for path=“/15/38775/4aca1b9f-1d52-11f1-9620-b47af1a61b9a” user@domain=“10367@cern.ch”
260311 19:33:13 time=1773237793.879333 func=Emsg level=ERROR logid=0b91c9b8-1d53-11f1-bbba-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f56431f9640 source=XrdMgmOfsFile:3754 tident=jalien.2501661:425@pcapiserv10.cern.ch sec=unix uid=10367 gid=1395 name=jalien geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied
260311 19:33:13 21302 XrootdXeq: jalien.1883546:401@aliendb3.cern.ch disc 0:00:01
260311 19:33:13 time=1773237793.948274 func=IdMap level=INFO logid=static… unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f56419ed640 source=Mapping:1070 tident= sec=(null) uid=0 gid=0 name=- geo=“” xt=“” ob=“” sec.prot=unix sec.name=“jalien” sec.host=“pcapiserv10.cern.ch” sec.vorg=“” sec.grps=“jalien” sec.role=“” sec.info=“” sec.app=“transfer-3rd” sec.tident=“jalien.2501668:426@pcapiserv10.cern.ch” vid.uid=10367 vid.gid=1395 sudo=0 gateway=0
260311 19:33:13 time=1773237793.948371 func=open level=ERROR logid=0b9c5392-1d53-11f1-81a7-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f56419ed640 source=XrdMgmOfsFile:538 tident=jalien.2501668:426@pcapiserv10.cern.ch sec=unix uid=10367 gid=1395 name=jalien geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“pcapiserv10.cern.ch”, vid.tident=“jalien.2501668:426@pcapiserv10.cern.ch” for path=“/12/32845/2805d6a9-1d52-11f1-9620-b47af1a61b9a” user@domain=“10367@cern.ch”
260311 19:33:13 time=1773237793.948400 func=Emsg level=ERROR logid=0b9c5392-1d53-11f1-81a7-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f56419ed640 source=XrdMgmOfsFile:3754 tident=jalien.2501668:426@pcapiserv10.cern.ch sec=unix uid=10367 gid=1395 name=jalien geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied
260311 19:33:14 20803 XrootdXeq: jalien.2501654:417@pcapiserv10.cern.ch disc 0:00:01
260311 19:33:14 21273 XrootdXeq: jalien.2501654:407@pcapiserv10.cern.ch disc 0:00:02
260311 19:33:14 20801 XrootdXeq: alienmas.2750302:353@aliendb06g.cern.ch disc 0:00:05
260311 19:33:14 21270 XrootdXeq: jalien.1883553:405@aliendb3.cern.ch disc 0:00:02
260311 19:33:14 21271 XrootdXeq: jalien.2501661:425@pcapiserv10.cern.ch disc 0:00:01
260311 19:33:14 21303 XrootdXeq: jalien.2501661:409@pcapiserv10.cern.ch disc 0:00:02
260311 19:33:14 21283 XrootdXeq: jalien.2501668:426@pcapiserv10.cern.ch disc 0:00:01
260311 19:33:14 21289 XrootdXeq: jalien.2501668:419@pcapiserv10.cern.ch disc 0:00:02
260311 19:33:14 20800 XrootdXeq: User authentication failed; Decryption key not found.
260311 19:33:14 21293 XrootdXeq: alienmas.3594513:403@aliendb10.cern.ch disc 0:00:05
260311 19:33:14 20800 XrootdXeq: alienmas.2750356:429@aliendb06g.cern.ch pub IP46 login as alienmaster
260311 19:33:14 time=1773237794.393529 func=IdMap level=INFO logid=static… unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f5642ff8640 source=Mapping:1070 tident= sec=(null) uid=0 gid=0 name=- geo=“” xt=“” ob=“” sec.prot=unix sec.name=“alienmaster” sec.host=“alientest06.cern.ch” sec.vorg=“” sec.grps=“alienmaster” sec.role=“” sec.info=“” sec.app=“transfer-3rd” sec.tident=“alienmas.1765131:400@alientest06.cern.ch” vid.uid=10367 vid.gid=1395 sudo=0 gateway=0
260311 19:33:14 time=1773237794.393624 func=open level=ERROR logid=0be04476-1d53-11f1-a7e9-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f5642ff8640 source=XrdMgmOfsFile:538 tident=alienmas.1765131:400@alientest06.cern.ch sec=unix uid=10367 gid=1395 name=alienmaster geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“alientest06.cern.ch”, vid.tident=“alienmas.1765131:400@alientest06.cern.ch” for path=“/03/18460/03be983c-1d52-11f1-9620-b47af1a61b9a” user@domain=“10367@cern.ch”
260311 19:33:14 time=1773237794.393653 func=Emsg level=ERROR logid=0be04476-1d53-11f1-a7e9-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007f5642ff8640 source=XrdMgmOfsFile:3754 tident=alienmas.1765131:400@alientest06.cern.ch sec=unix uid=10367 gid=1395 name=alienmaster geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied

============================

Output of VID ls are:-

[root@eos-mgm ~]# eos vid ls
https:“”:gid => root
https:“”:uid => root
publicaccesslevel: => 1024
sss:“”:gid => root
sss:“”:uid => root
sudoer => uids(daemon)
tident:“@eos-mgm*“:gid => root
tident:”@eos-mgm”:uid => root
tident:“@eos-slave":gid => root
tident:“@eos-slave”:uid => root
tident:“@eoskolkata.tier2-kol.res.in”:gid => root
tident:"*@eoskolkata.tier2-kol.res.in”:uid => root
tokensudo => always
unix:“”:gid => 1395
unix:“”:uid => 10367
voms:“/ops:”:gid => 20001
voms:“/ops:”:uid => 20001
voms:“ops:/ops”:gid => 20001
voms:“ops:/ops”:uid => 20001
[root@eos-mgm ~]#

Output of TkAuthz.Authorization:-

EXPORT PATH:/ VO:* ACCESS:ALLOW CERT:*
RULE PATH:/ AUTHZ:delete|read|write|write-once| NOAUTHZ:| VO:| CERT:IGNORE
RULE PATH:/eos/alicekolkata/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:
RULE PATH:/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:*
KEY VO:* PRIVKEY:/etc/grid-security/xrootd/privkey.pem PUBKEY:/etc/grid-security/xrootd/pubkey.pem

======================

So, Please suggest us accordingly.

Regards

Prasun

Hi,

We are follow link “ Write and Read authorization error “ and some others link in eos-community. But, there are something not clear.

So, can any body help us to sort out .

Regards

Prasun

Hi @prasun ! The output is weird as the numeric uid is not translated to users. The users are needed on mgm to exist as UNIX users. In my case i have this:

eos vid ls
gsi:“”:gid => root
gsi:“”:uid => root
https:“”:gid => root
https:“”:uid => root
publicaccesslevel: => 1024
sss:“”:gid => root
sss:“”:uid => root
sudoer => uids(daemon)
tokensudo => always
unix:“”:gid => alice
unix:“”:uid => aliprod
voms:“/dteam:”:gid => dteam
voms:“/dteam:”:uid => dteam
voms:“/ops:”:gid => ops
voms:“/ops:”:uid => ops
voms:“dteam:/dteam”:gid => dteam
voms:“dteam:/dteam”:uid => dteam
voms:“ops:/ops”:gid => ops
voms:“ops:/ops”:uid => ops

in my case ignore the voms parts, those were my tryouts to have both gsi and ALICE token authentication. what is important is to have for unix authentication the aliprod/alice user defined on mgms

Hi Adrian and EOS Team,

As per your suggestion, we had make some modification in “eos vid ls” i.e.

EOS Console [root://localhost] |/> vid ls
https:“”:gid => root
https:“”:uid => root
publicaccesslevel: => 1024
sss:“”:gid => root
sss:“”:uid => root
sudoer => uids(daemon)
tokensudo => always
unix:“”:gid => alice
unix:“”:uid => aliprod
EOS Console [root://localhost] |/>

[root@eos-mgm ~]# id aliprod
uid=10367(aliprod) gid=1395(alice) groups=1395(alice)

============================

But till we has faces same fault issue i.e.

260314 15:33:23 19323 XrootdXeq: alienmas.3949016:497@aliendb10.cern.ch pub IP46 login as alienmaster
260314 15:33:23 time=1773482603.308807 func=IdMap level=INFO logid=static… unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04458640 source=Mapping:1070 tident= sec=(null) uid=0 gid=0 name=- geo=“” xt=“” ob=“” sec.prot=unix sec.name=“alienmaster” sec.host=“aliendb9.cern.ch” sec.vorg=“” sec.grps=“alienmaster” sec.role=“” sec.info=“” sec.app=“” sec.tident=“alienmas.2987994:445@aliendb9.cern.ch” vid.uid=10367 vid.gid=1395 sudo=0 gateway=0
260314 15:33:23 time=1773482603.308861 func=stat level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04458640 source=Stat:87 tident= sec=unix uid=10367 gid=1395 name=alienmaster geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“aliendb9.cern.ch”, vid.tident=“alienmas.2987994:445@aliendb9.cern.ch” for path=“/07/08457/88267ced-1ee2-11f1-9620-b47af1a61b9a” user@domain=“aliprod@cern.ch”
260314 15:33:23 time=1773482603.308889 func=Emsg level=ERROR logid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04458640 source=XrdMgmOfs:877 tident= sec= uid=0 gid=0 name= geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied

260314 15:33:23 19081 XrootdXeq: User authentication failed; Decryption key not found.
260314 15:33:23 19083 XrootdXeq: jalien.3163312:509@pcapiserv10.cern.ch pub IP46 login as jalien
260314 15:33:23 19357 XrootdXeq: alienmas.3134876:471@alientest06.cern.ch pub IP46 login as alienmaster
260314 15:33:23 time=1773482603.362872 func=IdMap level=INFO logid=static… unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04257640 source=Mapping:1070 tident= sec=(null) uid=0 gid=0 name=- geo=“” xt=“” ob=“” sec.prot=unix sec.name=“alienmaster” sec.host=“aliendb10.cern.ch” sec.vorg=“” sec.grps=“alienmaster” sec.role=“” sec.info=“” sec.app=“transfer-3rd” sec.tident=“alienmas.3949000:470@aliendb10.cern.ch” vid.uid=10367 vid.gid=1395 sudo=0 gateway=0
260314 15:33:23 time=1773482603.362963 func=open level=ERROR logid=0964816c-1f8d-11f1-b072-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04257640 source=XrdMgmOfsFile:538 tident=alienmas.3949000:470@aliendb10.cern.ch sec=unix uid=10367 gid=1395 name=alienmaster geo=“” xt=“” ob=“” user access restricted - unauthorized identity vid.uid=10367, vid.gid=1395, vid.host=“aliendb10.cern.ch”, vid.tident=“alienmas.3949000:470@aliendb10.cern.ch” for path=“/01/16386/52682250-1ee4-11f1-9620-b47af1a61b9a” user@domain=“aliprod@cern.ch”
260314 15:33:23 time=1773482603.363021 func=Emsg level=ERROR logid=0964816c-1f8d-11f1-b072-e4434b664554 unit=mgm@eos-mgm.tier2-kol.res.in:1094 tid=00007fef04257640 source=XrdMgmOfsFile:3754 tident=alienmas.3949000:470@aliendb10.cern.ch sec=unix uid=10367 gid=1395 name=alienmaster geo=“” xt=“” ob=“” Unable to give access - user access restricted - unauthorized identity used ; Permission denied

========================

Please help.

Regards

Prasun

Hi! I’m not sure if relevant but the rules for /etc/grid-security/xrootd/TkAuthz.Authorization state that the order of rules should be from the specific to general ..
so in your case instead of:

RULE PATH:/ AUTHZ:delete|read|write|write-once| NOAUTHZ:| VO:| CERT:IGNORE
RULE PATH:/eos/alicekolkata/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:
RULE PATH:/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:*

change order to

RULE PATH:/eos/alicekolkata/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:
RULE PATH:/ops/ AUTHZ:| NOAUTHZ:delete|read|write|write-once| VO:ops CERT:*
RULE PATH:/ AUTHZ:delete|read|write|write-once| NOAUTHZ:| VO:| CERT:IGNORE
also make sure that all CERT are CERT:*
and for generic path (/) you have VO:*|

Good Morning EOS Expert Team,

Cheers…

After followup the multiple suggestion on eos-community for VID policy and Token authentication, Kolkata EOS has till not run. We had trying to rectify each error step by step, but not succeed. We had also faces error “3010 - Permission Denied Error” and “[3005] Unable to Unable to give access - user access restricted - unauthorized identity used ; Permission denied” error.

=============

[root@eos-mgm ~]# eos root://eoskolkata.tier2-kol.res.in whoami
error: errc=3010 msg=“[ERROR] Error response: permission denied” (errc=3010) (Unknown error 3010)
[root@eos-mgm ~]# eos root://localhost whoami
Virtual Identity: uid=0 (0,3,65534) gid=0 (0,4,65534) [authz:sss] sudo* host=localhost domain=localdomain
[root@eos-mgm ~]#

[root@eos-mgm ~]# env XrdSecPROTOCOL=unix eos root://eoskolkata.tier2-kol.res.in whoami
error: errc=3010 msg=“[ERROR] Error response: permission denied” (errc=3010) (Unknown error 3010)
[root@eos-mgm ~]# env XrdSecPROTOCOL=sss eos root://eoskolkata.tier2-kol.res.in whoami
error: errc=3010 msg=“[ERROR] Error response: permission denied” (errc=3010) (Unknown error 3010)
[root@eos-mgm ~]# env XrdSecPROTOCOL=unix eos root://localhost whoami
Virtual Identity: uid=0 (0,3,10367,65534) gid=0 (0,4,1395) [authz:unix] sudo* host=localhost domain=localdomain
[root@eos-mgm ~]# env XrdSecPROTOCOL=sss eos root://localhost whoami
Virtual Identity: uid=0 (0,3,65534) gid=0 (0,4,65534) [authz:sss] sudo* host=localhost domain=localdomain

=============

Current output of eos vid are:-

[root@eos-mgm ~]# eos vid ls
https:“”:gid => root
https:“”:uid => root
publicaccesslevel: => 1024
sss:“”:gid => root
sss:“”:uid => root
sudoer => uids(daemon)
tident:“@eos-mgm.tier2-kol.res.ineos-mgm.tier2-kol.res.in@eos-mgm.tier2-kol.res.in“:gid => root
tident:”*@eos-mgm.tier2-kol.res.in”:uid => root
tokensudo => always
unix:“”:gid => alice
unix:“”:uid => aliprod
[root@eos-mgm ~]# eos vid ls -a
auth=https
auth=sss
[root@eos-mgm ~]#

===============

MGM config info are -

+++++++++++++

[root@eos-mgm ~]# eos daemon config mgm mgm info
[putenv] DAEMON_COREFILE_LIMIT=unlimited
[putenv] EOS_ALLOW_SAME_HOST_IN_GROUP=1
[putenv] EOS_AUTOLOAD_CONFIG=default
[putenv] EOS_BROKER_URL=root://localhost:1097//eos/
[putenv] EOS_FST_ASYNC_CLOSE=1
[putenv] EOS_GEOTAG=Kolkata::EOS2
[putenv] EOS_HTTP_CONNECTION_MEMORY_LIMIT=4194304
[putenv] EOS_HTTP_THREADPOOL=epoll
[putenv] EOS_HTTP_THREADPOOL_SIZE=32
[putenv] EOS_INSTANCE_NAME=eosalicekolkata
[putenv] EOS_MAIL_CC="vikasssinghal@gmail.com"
[putenv] EOS_MGM_ALIAS=eos-mgm.tier2-kol.res.in
[putenv] EOS_MGM_FUSEX_MAX_CHILDREN=262144
[putenv] EOS_MGM_HOST=eos-mgm.tier2-kol.res.in
[putenv] EOS_MGM_HOST_TARGET=eos-mgm.tier2-kol.res.in
[putenv] EOS_MGM_HTTP_PORT=8000
[putenv] EOS_MGM_LISTING_CACHE=0
[putenv] EOS_MGM_MASTER1=eos-mgm.tier2-kol.res.in
[putenv] EOS_MGM_MASTER2=eos-mgm.tier2-kol.res.in
[putenv] EOS_NOTIFY=“mail
[putenv] EOS_NO_STACKTRACE=1
[putenv] EOS_NS_ACCOUNTING=1
[putenv] EOS_NS_BOOT_PARALLEL=1
[putenv] EOS_START_SYNC_SEPARATELY=1
[putenv] EOS_SYNCTIME_ACCOUNTING=1
[putenv] EOS_TTY_BROACAST_EGREP=”“CRIT|ALERT|EMERG|PROGRESS”"
[putenv] EOS_TTY_BROADCAST_LISTEN_LOGFILE=“/var/log/eos/mgm/xrdlog.mgm”
[putenv] EOS_USE_MQ_ON_QDB=1
[putenv] EOS_UTF8=“”
[putenv] EOS_XROOTD=/opt/eos/xrootd/
[putenv] GEO_TAG=Kolkata::EOS2
[putenv] GSI=
[putenv] INSTANCE_NAME=eosalicekolkata
[putenv] KRB5=
[putenv] KRB5RCACHETYPE=none
[putenv] LD_LIBRARY_PATH=/opt/eos/xrootd//lib64:/opt/eos/grpc/lib64
[putenv] LD_PRELOAD=/usr/lib64/libjemalloc.so
[putenv] SERVER_HOST=eos-mgm.tier2-kol.res.in
[putenv] XDG_CACHE_HOME=/var/cache/eos/

---------------------------------------

------------- i n i t -----------------

---------------------------------------

mkdir -p /var/run/eos/
chown daemon:root /var/run/eos/
mkdir -p /var/cache/eos/
chown daemon:root /var/cache/eos/
if [ -e /etc/eos.keytab ]; then chown daemon /etc/eos.keytab ; chmod 400 /etc/eos.keytab ; fi
mkdir -p /var/eos/md /var/eos/report
chmod 755 /var/eos /var/eos/report
mkdir -p /var/spool/eos/core/mgm /var/spool/eos/core/mq /var/spool/eos/core/fst /var/spool/eos/core/qdb /var/spool/eos/admin
mkdir -p /var/log/eos
chown -R daemon /var/spool/eos
find /var/log/eos -maxdepth 1 -type d -exec chown daemon {} ;
find /var/eos/ -maxdepth 1 -mindepth 1 -not -path “/var/eos/fs” -not -path “/var/eos/fusex” -type d -exec chown -R daemon {} ;
chmod -R 775 /var/spool/eos
mkdir -p /var/eos/auth /var/eos/stage
chown daemon /var/eos/auth /var/eos/stage
setfacl -m default:u:daemon:r /var/eos/auth/

---------------------------------------

------------- s y s c o n f i g -------

---------------------------------------

SERVER_HOST=eos-mgm.tier2-kol.res.in
INSTANCE_NAME=eosalicekolkata
GEO_TAG=Kolkata::EOS2
EOS_USE_MQ_ON_QDB=1
EOS_XROOTD=/opt/eos/xrootd/
LD_LIBRARY_PATH=/opt/eos/xrootd//lib64:/opt/eos/grpc/lib64
LD_PRELOAD=/usr/lib64/libjemalloc.so
EOS_NS_BOOT_PARALLEL=1
EOS_FST_ASYNC_CLOSE=1
DAEMON_COREFILE_LIMIT=unlimited
LD_PRELOAD=/usr/lib64/libjemalloc.so
KRB5RCACHETYPE=none
KRB5=
GSI=
EOS_MGM_HOST=eos-mgm.tier2-kol.res.in
EOS_MGM_HOST_TARGET=eos-mgm.tier2-kol.res.in
EOS_START_SYNC_SEPARATELY=1
EOS_INSTANCE_NAME=eosalicekolkata
EOS_AUTOLOAD_CONFIG=default
EOS_BROKER_URL=root://localhost:1097//eos/
EOS_GEOTAG=Kolkata::EOS2
EOS_MGM_MASTER1=eos-mgm.tier2-kol.res.in
EOS_MGM_MASTER2=eos-mgm.tier2-kol.res.in
EOS_MGM_ALIAS=eos-mgm.tier2-kol.res.in
EOS_NO_STACKTRACE=1
EOS_UTF8=“”
EOS_NS_ACCOUNTING=1
EOS_SYNCTIME_ACCOUNTING=1
EOS_MGM_LISTING_CACHE=0
EOS_ALLOW_SAME_HOST_IN_GROUP=1
EOS_MGM_HTTP_PORT=8000
EOS_HTTP_THREADPOOL=epoll
EOS_HTTP_THREADPOOL_SIZE=32
EOS_HTTP_CONNECTION_MEMORY_LIMIT=4194304
EOS_MGM_FUSEX_MAX_CHILDREN=262144

EOS_MAIL_CC=

EOS_NOTIFY=“mail -s date +%s-hostname-eos-notify $EOS_MAIL_CC”
EOS_TTY_BROADCAST_LISTEN_LOGFILE=“/var/log/eos/mgm/xrdlog.mgm”
EOS_TTY_BROACAST_EGREP=““CRIT|ALERT|EMERG|PROGRESS””
XDG_CACHE_HOME=/var/cache/eos/

---------------------------------------

------------- m o d u l e s -----------

---------------------------------------

---------------------------------------

------------- x r o o t d ------------

---------------------------------------

running config file: /var/run/eos/xrd.cf.mgm

xrootd.fslib libXrdEosMgm.so
xrootd.seclib libXrdSec.so
xrootd.async off nosf
xrootd.chksum adler32
xrd.sched mint 8 maxt 256 idle 64
all.export / nolock
all.role manager
oss.fdlimit 16384 32768
sec.protocol unix
sec.protocol sss -c /etc/eos.keytab -s /etc/eos.keytab
sec.protbind localhost.localdomain unix sss
sec.protbind localhost unix sss
sec.protbind * only sss unix
mgmofs.fs /
mgmofs.targetport 1095
mgmofs.authlib /usr/lib64/libXrdAliceTokenAcc.so
mgmofs.authorize 1
mgmofs.broker root://localhost:1097//eos/
mgmofs.instance eosalicekolkata
mgmofs.metalog /var/eos/md
mgmofs.txdir /var/eos/tx
mgmofs.authdir /var/eos/auth
mgmofs.archivedir /var/eos/archive
mgmofs.qosdir /var/eos/qos
mgmofs.reportstorepath /var/eos/report
mgmofs.autoloadconfig default
mgmofs.qoscfg /var/eos/qos/qos.conf
mgmofs.auththreads 64
mgmofs.authport 15555
mgmofs.authlocal 1
mgmofs.fstgw someproxy.cern.ch:3001
mgmofs.nslib /usr/lib64/libEosNsQuarkdb.so
mgmofs.qdbcluster eos-mgm.tier2-kol.res.in:7777 eos-slave.tier2-kol.res.in:7777 eos-qdb.tier2-kol.res.in:7777
mgmofs.qdbpassword_file /etc/eos.keytab
alicetokenacc.multiprocess 32
alicetokenacc.noauthzhost localhost
alicetokenacc.noauthzhost localhost.localdomain
alicetokenacc.truncateprefix /eos/alicekolkata/grid
alicetokenacc.noauthzhost st-srv-100-18114.cern.ch
xrootd.monitor all flush 60s window 30s dest files info user htcvobox.tier2-kol.res.in:9930

#########################################

FST config info are-

+++++++++++++++++++

[root@eos11 ~]# eos daemon config fst fst info
[putenv] APMON_INSTANCE_NAME=ALICE::KOLKATA::EOS2
[putenv] APMON_STORAGEPATH=xdata
[putenv] EOS_AUTOLOAD_CONFIG=default
[putenv] EOS_BROKER_URL=root://eoskolkata.tier2-kol.res.in:1097//eos/
[putenv] EOS_FST_NETWORK_INTERFACE=“eno1”
[putenv] EOS_FST_NO_SSS_ENFORCEMENT=1
[putenv] EOS_FST_REPLICA_ASYNC_WRITE=1
[putenv] EOS_FUSE_MGM_ALIAS=eoskolkata.tier2-kol.res.in
[putenv] EOS_GEOTAG=Kolkata::EOS2
[putenv] EOS_HTTP_CONNECTION_MEMORY_LIMIT=134217728
[putenv] EOS_HTTP_THREADPOOL=“epoll”
[putenv] EOS_HTTP_THREADPOOL_SIZE=32
[putenv] EOS_MAIL_CC=
[putenv] EOS_MGM_ALIAS=eoskolkata.tier2-kol.res.in
[putenv] EOS_MGM_URL=“root://eoskolkata.tier2-kol.res.in:1094”
[putenv] EOS_NOTIFY=“mail
[putenv] EOS_TTY_BROACAST_EGREP=”“CRIT|ALERT|EMERG|PROGRESS”"
[putenv] EOS_USE_MQ_ON_QDB=1
[putenv] EOS_XRDCP=/opt/eos/xrootd/bin/xrdcp
[putenv] EOS_XROOTD=/opt/eos/xrootd
[putenv] GEO_TAG=Kolkata::EOS2
[putenv] INSTANCE_NAME=eosalicekolkata
[putenv] LD_LIBRARY_PATH=/opt/eos/xrootd/lib64:/opt/eos/grpc/lib64
[putenv] LD_PRELOAD=/usr/lib64/libjemalloc.so
[putenv] MONALISAHOST=htcvobox.tier2-kol.res.in
[putenv] QDB_HOST=eos-qdb.tier2-kol.res.in:7777;eos-slave.tier2-kol.res.in:7777;eos-mgm.tier2-kol.res.in:7777
[putenv] QDB_PORT=7777
[putenv] SERVER_HOST=eoskolkata.tier2-kol.res.in
[putenv] XRD_LOGLEVEL=Dump

---------------------------------------

------------- i n i t -----------------

---------------------------------------

mkdir -p /var/run/eos/
chown daemon:root /var/run/eos/
mkdir -p /var/cache/eos/
chown daemon:root /var/cache/eos/
if [ -e /etc/eos.keytab ]; then chown daemon /etc/eos.keytab ; chmod 400 /etc/eos.keytab ; fi
mkdir -p /var/eos/md /var/eos/report
chmod 755 /var/eos /var/eos/report
mkdir -p /var/spool/eos/core/mgm /var/spool/eos/core/mq /var/spool/eos/core/fst /var/spool/eos/core/qdb /var/spool/eos/admin
mkdir -p /var/log/eos
chown -R daemon /var/spool/eos
find /var/log/eos -maxdepth 1 -type d -exec chown daemon {} ;
find /var/eos/ -maxdepth 1 -mindepth 1 -not -path “/var/eos/fs” -not -path “/var/eos/fusex” -type d -exec chown -R daemon {} ;
chmod -R 775 /var/spool/eos
mkdir -p /var/eos/auth /var/eos/stage
chown daemon /var/eos/auth /var/eos/stage
setfacl -m default:u:daemon:r /var/eos/auth/

---------------------------------------

------------- s y s c o n f i g -------

---------------------------------------

SERVER_HOST=eoskolkata.tier2-kol.res.in
INSTANCE_NAME=eosalicekolkata
GEO_TAG=Kolkata::EOS2
EOS_XROOTD=/opt/eos/xrootd
LD_LIBRARY_PATH=/opt/eos/xrootd/lib64:/opt/eos/grpc/lib64
LD_PRELOAD=/usr/lib64/libjemalloc.so
EOS_XRDCP=/opt/eos/xrootd/bin/xrdcp
EOS_MGM_ALIAS=eoskolkata.tier2-kol.res.in
EOS_GEOTAG=Kolkata::EOS2
QDB_HOST=eos-qdb.tier2-kol.res.in:7777;eos-slave.tier2-kol.res.in:7777;eos-mgm.tier2-kol.res.in:7777
QDB_PORT=7777
EOS_MGM_URL=“root://eoskolkata.tier2-kol.res.in:1094”
EOS_BROKER_URL=root://eoskolkata.tier2-kol.res.in:1097//eos/
EOS_FUSE_MGM_ALIAS=eoskolkata.tier2-kol.res.in
EOS_HTTP_THREADPOOL=“epoll”
EOS_HTTP_THREADPOOL_SIZE=32
EOS_HTTP_CONNECTION_MEMORY_LIMIT=134217728
APMON_INSTANCE_NAME=ALICE::KOLKATA::EOS2
MONALISAHOST=htcvobox.tier2-kol.res.in
APMON_STORAGEPATH=xdata
EOS_AUTOLOAD_CONFIG=default
EOS_USE_MQ_ON_QDB=1
EOS_FST_NETWORK_INTERFACE=“eno1”
EOS_FST_NO_SSS_ENFORCEMENT=1

EOS_MAIL_CC=

EOS_NOTIFY=“mail -s date +%s-hostname-eos-notify $EOS_MAIL_CC”
EOS_TTY_BROACAST_EGREP=““CRIT|ALERT|EMERG|PROGRESS””
XRD_LOGLEVEL=Dump
EOS_FST_REPLICA_ASYNC_WRITE=1

---------------------------------------

------------- m o d u l e s -----------

---------------------------------------

---------------------------------------

------------- x r o o t d ------------

---------------------------------------

running config file: /var/run/eos/xrd.cf.fst

xrd.network keepalive
xrd.port 1095
xrootd.fslib -2 libXrdEosFst.so
xrootd.async off nosf
xrootd.redirect eoskolkata.tier2-kol.res.in:1094 chksum
xrootd.seclib libXrdSec.so
sec.protocol unix
sec.protocol sss -c /etc/eos.keytab -s /etc/eos.keytab
sec.protbind * only unix sss
all.export / nolock
all.trace none
all.manager localhost 2131
ofs.persist off
ofs.osslib libEosFstOss.so
ofs.tpc pgm /opt/eos/xrootd/bin/xrdcp
fstofs.broker root://eoskolkata.tier2-kol.res.in:1097//eos/
fstofs.autoboot true
fstofs.quotainterval 10
fstofs.metalog /var/eos/md/
fstofs.filemd_handler attr
fstofs.qdbcluster eos-qdb.tier2-kol.res.in:7777 eos-slave.tier2-kol.res.in:7777 eos-mgm.tier2-kol.res.in:7777
fstofs.qdbpassword_file /etc/eos.keytab
xrootd.monitor all flush 60s window 30s dest files info user htcvobox.tier2-kol.res.in:9930
fstofs.filemd_handler attr

#########################################

So, please suggest accordingly.

We are so puzzled to resolve and unable to differentiate the solution, which were mention by Different Site Administrators and Developers on eos-community.

Regards

Prasun and Kolkata Team