On Tuesday 28 June 2005 01:33, Kostas Georgiou wrote:
> On Mon, Jun 27, 2005 at 11:42:52PM +0100, Gordon, JC (John) wrote:
> > Kostas, I believe this isn't the same old rfio but a new secure version
> > although I don't know the details.
>
> I would hope so. I heard promises about a new "secure" rfio two years ago
> but i haven't seen anything so far, i am reluctant to believe that this
> time it is a secure version.
Hi Kostas
I've been testing DPM here at Glasgow and can confirm that
the version of rfiod is GSI enabled:
grid05:~$ rfdir grid07:/
grid07:/: Bad credentials
grid05:~$ grid-proxy-init
Your identity: /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
Enter GRID pass phrase for this identity:
Creating proxy ................................ Done
Your proxy is valid until: Tue Jun 28 22:56:05 2005
grid05:~$ rfdir grid07:/
drwxr-xr-x 20 root root 4096 Jun 27 15:18 .
drwxr-xr-x 20 root root 4096 Jun 27 15:18 ..
drwx------ 2 root root 16384 Jun 24 13:01 lost+found
drwxr-xr-x 4 root root 1024 Jun 24 12:31 boot
drwxr-xr-x 22 root root 118784 Jun 27 15:18 dev
[...]
grid05:~$ rfcp /etc/hosts grid07:/tmp
666 bytes in 0 seconds through local (in) and eth0 (out)
grid05:~$ rfdir grid07:/tmp/hosts
-rw-r--r-- 1 dteam001 dteam 666 Jun 28 10:56
grid07:/tmp/hosts
It even does logging (wow!):
Jun 28 10:56:43 rfiod[23621]: request by
/C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart (18118,2688) Jun 28
10:56:43 rfiod[23621]: doit(1): connection from grid05.ph.gla.ac.uk Jun 28
10:56:43 rfiod[23621]: srstat64: file: /tmp for (18118,2688) status 0 Jun 28
10:56:43 rfiod[22554]: Waiting for end of child 23621, status 0 Jun 28
10:56:43 rfiod[23622]: request by
/C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart (18118,2688) Jun 28
10:56:43 rfiod[23622]: doit(1): connection from grid05.ph.gla.ac.uk Jun 28
10:56:43 rfiod[23622]: ropen64_v3: (/tmp/hosts,01401,0644) for (18118,2688)
Jun 28 10:56:43 rfiod[23622]: Joining thread
Jun 28 10:56:43 rfiod[23622]: rclose64_v3(1, 2): 0 read, 3 readahead, 1
write, 0 flush, 0 stat, 0 lseek and 0 lockf Jun 28 10:56:43 rfiod[23622]:
rclose64_v3(1, 2): 0 bytes read and 666 bytes written Jun 28 10:56:43
rfiod[22554]: Waiting for end of child 23622, status 0
I still think that rfio should be firewalled off at most sites
(it runs as root), but it's not the gaping hole it seems to have
been!
Cheers
Graeme
--
--------------------------------------------------------------------
Dr Graeme Stewart http://www.physics.gla.ac.uk/~graeme/
Department of Physics and Astronomy, University of Glasgow, Scotland
|