system (1) - Linux Man Pages
system: access control directives for ROOT daemons
system.rootdaemonrc, .rootdaemonrc - access control directives for ROOT daemons
ROOTDAEMORC, $HOME/.rootdaemonrc /etc/root/system.rootdaemonrc, $ROOTSYS/etc/system.rootdaemonrc
DESCRIPTIONThis manual page documents the format of directives specifying access control directives for ROOT daemons. These directives are read from a text file whose full path is taken from the environment variable ROOTDAEMONRC. If such a variable in undefined, the daemon looks for a file named .rootdaemonrc in the $HOME directory of the user starting the daemon; if this file does not exists either, the file system.rootdaemonrc, located under /etc/root or $ROOTSYS/etc, is used. If none of these file exists (or is readable), the daemon makes use of a default built-in directive derived from the configuration options of the installation.
- lines starting with '#' are comment lines.
- hosts can specified either with their name (e.g. pcepsft43), their FQDN (e.g. pcepsft43.cern.ch) or their IP address (e.g. 188.8.131.52).
- host names can be followed by :rootd, :proofd or :sockd to define directives applying only to the given service; 'sockd' applies to servers run from interactive sessions (TServerSocket class)
- directives applying to all host can be specified either by 'default' or '*'
- the '*' character can be used in any field of the name to indicate a set of machines or domains, e.g. pcepsft*.cern.ch applies to all 'pcepsft' machines in the domain 'cern.ch'. (to indicate all 'lxplus' machines you should use 'lxplus*.cern.ch' because internally the generic lxplus machine has a real name of the form lxplusnnn.cern.ch; you can also use 'lxplus' if you don't care about domain name checking).
- a whole domain can be indicated by its name, e.g. 'cern.ch', 'cnaf.infn.it' or '.ch'
- truncated IP address can also be used to indicate a set of machines; they are interpreted as the very first or very last part of the address; for example, to select 184.108.40.206, any of these is valid: '137.138.99', '137.138', '137`, '99.73'; or with wild cards: '137.13*' or '*.99.73`; however, '138.99' is invalid because ambiguous.
the information following the name or IP address indicates, in order of preference, the short names or the internal codes of authentication methods accepted for requests coming from the specified host(s); the ones implemented so far are: