1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
.TH xrootdfs 1 "@XRootD_VERSION_STRING@"
.SH NAME
xrootdfs - xrootd FUSE file system daemon
.SH SYNOPSIS
.nf
\fBxrootdfs\fR [\fIoptions\fR] \fIparameters\fR
.fi
.br
.ad l
.SH DESCRIPTION
The \fBxrootdfs\fR daemon provides a file system view of an xrootd cluster
using FUSE.
Usage synopsis can be displayed by typing "\fBxrootdfs -h\fR".
Short documentation can be found in a README file in the src/XrdFfs source
directory.
.SH EXAMPLES
Assuming the redirector is
.B rdr:port
run from command line with debugging output
.RS
xrootdfs -d -o rdr=root://rdr:port//data,uid=daemon /mnt
.RE
use in /etc/fstab
.RS
xrootdfs /mnt fuse rdr=root://rdr:port//data,uid=daemon 1 2
.RE
use with autofs
.RS
1. add a line to /etc/auto.master
.br
/\- /etc/auto.fuse
2. create /etc/auto.fuse with the following one line
.br
/mnt \-fstype=fuse,uid=2,rdr=root://rdr\\:port//data :xrootdfs.sh
3. create script /usr/bin/xrootdfs.sh (make sure +x bit is set)
.br
#!/bin/sh
.br
exec /usr/bin/xrootdfs $@ >/dev/null 2>&1
.SH NOTES
Documentation for all components associated with \fBxrootdfs\fR can be found at
https://xrootd.org/docs.html
xrootdfs allows users and administators to query and change the internal
parameters on the fly via the filesystem extended attributes
getfattr -n attribute_name /mount_point
.br
setfattr -n attribute_name [ -v value ] /mount_point
attribute_name:
.RS
.B xroot.url:
query the actual ROOT url of the file (this is an old one)
.br
.B xrootdfs.fs.nworkers:
query or change the number of threads working in parallel on
operations such as stat(), unlink()/rmdir(), readdir(), statvfs(), etc.
.br
.B xrootdfs.fs.dataserverlist:
query or refresh the list of all data servers known to this xrootdfs
instance (or "kill -USR1 pid" to refresh)
.SH SECURITY
By default, XrootdFS does not send individual user identity to the Xrootd storage servers.
So Xrootd storage thinks that all operations from an XrootdFS instance come from the user
that runs the XrootdFS instance. When the Xrootd "sss" security module (Simple Shared Security)
is enabled at both XrootdFS and Xrootd storage system, XrootdFS will send individual user
identity information to the Xrootd storage servers. This info can be used along with the Xrootd ACL
to control file/directory access.
To use "sss" security module, both Xrootd data servers and XrootdFS should be
configured to use "sss" in a particular way, e.g. both sides should use a
key file that contains the same key generated by the xrdsssadmin program in the
following way:
xrdsssadmin -k my_key_name -u anybody -g usrgroup add keyfile
(change only "my_key_name" and "keyfile"). Please refer to environment variable
"XrdSecsssKT" in Xrootd "Authentication & Access Control Configuration Reference"
for more information on the location of the keyfile and its unix permission bits. That
same document also describes the Xrootd ACL DB file.
To enable "sss" with XrootdFS, use the sss=/keyfile option with XrootdFS.
The following example shows how to use both unix and sss security modules with the Xrootd
data servers.
.RS
xrootd.seclib /usr/lib64/libXrdSec.so
.br
sec.protocol /usr/lib64 sss -s /keyfile
.br
sec.protocol /usr/lib64 unix
.br
acc.authdb /your_xrootd_ACL_auth_db_file
.br
acc.authrefresh 300
.br
ofs.authorize
.SH DIAGNOSTICS
Errors yield an error message and a non-zero exit status.
The program never exits upon success. Use the umount command to terminate the
program.
Additional logging information can be found in syslog (/var/log/messages)
.SH LICENSE
License terms can be displayed by typing "\fBxrootd -H\fR".
.SH SUPPORT LEVEL
The \fBxrootdfs\fR daemon is supported by the xrootd collaboration.
Contact information can be found at
.ce
https://xrootd.org/contact.html
|
