...

The xrootd redirectors are configured to forward a client's file remove request to all of their data servers. Therefore only certain clients should be allowed to remove files.
We would like to configure the redirectors so that clients have to authenticate themselves and only one production account is authorized to remove files.

Testing

The Fermi test xrootd setup was configured to use authentication/authorization for the redirectors and data servers:
1) Only glastxrw was allowed to remove files (either through the redirector or data server)
2) All clients were allowed to read/write files if connected to redirector
3) Only Fermi users are allowed to read files from the data servers
4) Only Fermi production accounts are allowed to write files

These rules were tested using four accounts: a Fermi user (read-only access), a production account, the account that has privileges to remove files, and a non-Fermi user account.

Authorization was set up for the Fermi test xrootd redirectors. It was confirmed that clients are still able to read and write files, but only glastxrw is able to remove files.

Rollback

The configuration can be rolled back by using the old xrootd configuration and authorization. A restart of the xrootd servers is needed.

...