Hello,
While setting up a split GridFTP server, i.e.,
o front-end: control channel, runs as non-privileged user
o back-end: data channel and IPC to front-end, runs as root
I noticed the following limitation of the front-end server.
When the front-end server runs as a non-privileged user, one
must disable authorization on the front-end server, i.e., set
-auth-level 0
(Alternatively, one must map all the DNs to the user running the
front-end.)
This is because, when doing authorization, the server performs two
actions:
(1) checks the DN against the grid map-file;
(2) calls setuid()/setgid() to change the real ID to that defined
in the grid map-file
Now, step (2) is possible only when the process runs as root, or
changes to the same ID. Therefore, (2) cannot be done when running
the front-end as "globus".
There seem to be two solutions to this problem:
(a) Use sudo instead of setuid(), therefore allowing the user
globus to change the ID;
(b) Perform on the front-end only action (1) (check user DN) and
delegate action (2) to the back end server.
Are these or other solutions considered by the GridFTP team
to allow the front-end server to perform authorization when
running as a non-privileged user?
Thank you.
Gabriel
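
The split proposed in (b), sketched as an added example that is not part of the original message and is not GridFTP code: the front-end does only the grid map-file lookup, which needs no privilege, and separately reports whether this process could perform the setuid() step itself. The function names and the sample map entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample in grid map-file format: "DN" local_user */
static const char *SAMPLE_GRIDMAP =
    "# constructed entries, not from a real site\n"
    "\"/O=Grid/OU=Example/CN=Alice Smith\" alice\n"
    "\"/O=Grid/OU=Example/CN=Bob Jones\" bob\n";

/* Action (1): exact-match dn against the quoted DN on each map line.
 * Returns 0 and copies the mapped local user into out, or -1 if the DN
 * is not listed or the name does not fit. Needs no privilege. */
int gridmap_lookup(const char *map, const char *dn, char *out, size_t outlen)
{
    size_t dnlen = strlen(dn);
    for (const char *line = map; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *q = (len > 1 && line[0] == '"')
                            ? memchr(line + 1, '"', len - 1) : NULL;
        if (q && (size_t)(q - line - 1) == dnlen &&
            memcmp(line + 1, dn, dnlen) == 0) {
            const char *u = q + 1, *end = line + len;
            while (u < end && (*u == ' ' || *u == '\t')) u++;
            size_t ulen = (size_t)(end - u);
            if (ulen == 0 || ulen >= outlen) return -1;
            memcpy(out, u, ulen);
            out[ulen] = '\0';
            return 0;
        }
        line += len + (eol ? 1 : 0);   /* comments and blank lines are skipped */
    }
    return -1;
}

/* Action (2) precondition as stated in the post: setuid(target) works only
 * for root or when target is already our ID. Simplification: ignores the
 * saved set-user-ID and Linux capabilities. */
int can_switch_to(uid_t target)
{
    return geteuid() == 0 || target == getuid();
}

int main(void)
{
    char user[64];
    if (gridmap_lookup(SAMPLE_GRIDMAP, "/O=Grid/OU=Example/CN=Alice Smith", user, sizeof user) == 0)
        printf("authorized as %s; identity switch is left to the back-end\n", user);
    printf("this process can switch to uid 0: %d\n", can_switch_to(0));
    return 0;
}
```

The lookup compares the whole quoted DN, so a DN that is only a prefix of a listed entry is rejected.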