xrootdfs - Man Page

xrootd FUSE file system daemon

Synopsis

xrootdfs [options] parameters

Description

The xrootdfs daemon provides a file system view of an xrootd cluster using FUSE. Usage synopsis can be displayed by typing "xrootdfs -h". Short documentation can be found in a README file in the src/XrdFfs source directory.

Examples

Assuming the redirector is rdr:port

run from command line with debugging output

xrootdfs -d -o rdr=root://rdr:port//data,uid=daemon /mnt

use in /etc/fstab

xrootdfs /mnt fuse rdr=root://rdr:port//data,uid=daemon 1 2

use with autofs

1. add a line to /etc/auto.master
/- /etc/auto.fuse

2. create /etc/auto.fuse with the following one line
/mnt -fstype=fuse,uid=2,rdr=root://rdr\:port//data :xrootdfs.sh

3. create script /usr/bin/xrootdfs.sh (make sure +x bit is set)
#!/bin/sh
exec /usr/bin/xrootdfs $@ >/dev/null 2>&1

Notes

Documentation for all components associated with xrootdfs can be found at http://xrootd.org/docs.html

xrootdfs allows users and administators to query and change the internal parameters on the fly via the filesystem extended attributes

getfattr -n attribute_name /mount_point
setfattr -n attribute_name [ -v value ] /mount_point

attribute_name:

xroot.url: query the actual ROOT url of the file (this is an old one)
xrootdfs.fs.nworkers: query or change the number of threads working in parallel on operations such as stat(), unlink()/rmdir(), readdir(), statvfs(), etc.
xrootdfs.fs.dataserverlist: query or refresh the list of all data servers known to this xrootdfs instance (or "kill -USR1 pid" to refresh)

Security

By default, XrootdFS does not send individual user identity to the Xrootd storage servers. So Xrootd storage thinks that all operations from an XrootdFS instance come from the user  that runs the XrootdFS instance. When the Xrootd "sss" security module (Simple Shared Security)  is enabled at both XrootdFS and Xrootd storage system, XrootdFS will send individual user identity information to the Xrootd storage servers. This info can be used along with the Xrootd ACL to control file/directory access.

To use "sss" security module, both Xrootd data servers and XrootdFS should be configured to use "sss" in a particular way, e.g. both sides should use a key file that contains the same key generated by the xrdsssadmin program in the following way:

xrdsssadmin -k my_key_name -u anybody -g usrgroup add keyfile

(change only "my_key_name" and "keyfile"). Please refer to environment variable "XrdSecsssKT" in Xrootd "Authentication & Access Control Configuration Reference" for more information on the location of the keyfile and its unix permission bits. That same document also describes the Xrootd ACL DB file.

To enable "sss" with XrootdFS, use the sss=/keyfile option with XrootdFS.

The following example shows how to use both unix and sss security modules with the Xrootd  data servers.

 xrootd.seclib /usr/lib64/libXrdSec.so
 sec.protocol /usr/lib64 sss -s /keyfile
 sec.protocol /usr/lib64 unix
 acc.authdb /your_xrootd_ACL_auth_db_file
 acc.authrefresh 300
 ofs.authorize

Diagnostics

Errors yield an error message and a non-zero exit status. The program never exits upon success.  Use the umount command to terminate the program.

Additional logging information can be found in syslog (/var/log/messages)

License

License terms can be displayed by typing "xrootd -H".

Support Level

The xrootdfs daemon is supported by the xrootd collaboration. Contact information can be found at

http://xrootd.org/contact.html

Info

v5.7.1