SYSTEM.ROOTDAEMONRC(1) General Commands Manual SYSTEM.ROOTDAEMONRC(1)
NOTA BENE
Usage of this file is deprecated and will be removed in future versions
of ROOT.
Please contact the ROOT team at http://root.cern.ch in the unlikely
event this change is disruptive for your workflow.
NAME
system.rootdaemonrc, .rootdaemonrc - access control directives for ROOT
daemons
LOCATIONS
ROOTDAEMORC, $HOME/.rootdaemonrc
/etc/root/system.rootdaemonrc, $ROOTSYS/etc/system.rootdaemonrc
DESCRIPTION
This manual page documents the format of directives specifying access
control directives for ROOT daemons. These directives are read from a
text file whose full path is taken from the environment variable
ROOTDAEMONRC. If such a variable in undefined, the daemon looks for a
file named .rootdaemonrc in the $HOME directory of the user starting
the daemon; if this file does not exists either, the file
system.rootdaemonrc, located under /etc/root or $ROOTSYS/etc, is used.
If none of these file exists (or is readable), the daemon makes use of
a default built-in directive derived from the configuration options of
the installation.
FORMAT
* lines starting with '#' are comment lines.
* hosts can specified either with their name (e.g. pcepsft43),
their FQDN (e.g. pcepsft43.cern.ch) or their IP address (e.g.
137.138.99.73).
* directives applying to all host can be specified either by
'default' or '*'
* the '*' character can be used in any field of the name to
indicate a set of machines or domains, e.g. pcepsft*.cern.ch
applies to all 'pcepsft' machines in the domain 'cern.ch'. (to
indicate all 'lxplus' machines you should use 'lxplus*.cern.ch'
because internally the generic lxplus machine has a real name of
the form lxplusnnn.cern.ch; you can also use 'lxplus' if you
don't care about domain name checking).
* a whole domain can be indicated by its name, e.g. 'cern.ch',
'cnaf.infn.it' or '.ch'
* truncated IP address can also be used to indicate a set of
machines; they are interpreted as the very first or very last
part of the address; for example, to select 137.138.99.73, any
of these is valid: '137.138.99', '137.138', '137`, '99.73'; or
with wild cards: '137.13*' or '*.99.73`; however, '138.99' is
invalid because ambiguous.
* the information following the name or IP address indicates, in
order of preference, the short names or the internal codes of
authentication methods accepted for requests coming from the
specified host(s); the ones implemented so far are:
Method nickname code
UsrPwd usrpwd 0
Methods not specified explicitly are not accepted.
* Lines ending with '' are followed by additional information for
the host on the next line; the name of the host should not be
repeated.
EXAMPLES
Valid examples:
default none
All requests are denied unless specified by dedicated
directives.
default 0
Authentication mechanisms allowed by default are 'usrpwd' (code
0)
137.138. 0
Authentication mechanisms allowed from host in the domain
137.138. (cern.ch) are 'usrpwd' (code 0)
lxplus*.cern.ch 0:qwerty:uytre
Requests from the lxplus cluster from users 'qwerty' and 'uytre'
can authenticate using 'usrpwd'.
pcep*.cern.ch 0:-qwerty
Requests from the pcep*.cern.ch nodes can authenticate using
'usrpwd' when accessing the 'rootd' daemon ; user 'qwerty'
cannot use 'usrpwd'.
For more information on the ROOT system, please refer to
http://root.cern.ch/ .
ORIGINAL AUTHORS
The ROOT team (see web page above):
Rene Brun and Fons Rademakers
COPYRIGHT
This library is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
This library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
AUTHOR
This manual page was written by G. Ganis .
ROOT Version 4 SYSTEM.ROOTDAEMONRC(1)