[tahoe-dev] User management
Brian Warner
warner at allmydata.com
Sat Dec 1 12:06:45 PST 2007
On Sat, 1 Dec 2007 10:01:30 -0700
zooko <zooko at zooko.com> wrote:
> > that several users belonging to the same group could start the same
> > node, even if they are not the creator of the node. I've tried to do
> > this, but I've got an error (failed to launch app errno1) on the
> > certificate file (node.pem), so I suppose that the node certificate
> > is also dependent on the node creator.
>
> Hello Francesco.
>
> It isn't that Tahoe detects the user and changes its behavior based
> on the user, it is that tahoe changes the permission bits in your
> unix filesystem.
It's important to remember that there can only be one instance of the node
running at a time. The "node.pem" file (which holds the private key used by
this node) is what directly determines the "node id" (just a hash of the
corresponding public key), and the nodeid needs to be distinct for each node
in a Tahoe grid.
Allowing multiple node processes to use the same key material would result in
a very confused grid, in which there are multiple entities with the same
nodeid. Since nodes only accept or create one connection per nodeid, this
would mean most of your nodes won't be able to talk to each other.
I'm curious about your motivation: do you have several users (all in the same
group) who want to share files with each other using tahoe? If so, the
recommended approach is to have each user run their own node, one process per
user (each with its own basedir and node.pem, etc). If your goal is to allow
them to share a common virtual directory, then just have one of them create a
new directory, then cut-and-paste the FURL of that directory to the others.
Once everybody has added that FURL into their own private vdrives somewhere,
they can all read and write to it equally, each through their own node.
Or perhaps you are concerned about resource utilization, and only want to
have one tahoe node running on your computer even though you don't know ahead
of time which user is going to want to use it. In this case, you might
consider having one designated user start the node and leave it running for a
long period of time, perhaps by using a crontab "@reboot" entry to
automatically launch it at boot time. (note that this might be a special
account dedicated to this purpose, much like the 'lp' account is used to run
the printer-control daemons in most unix systems). The multiple users can
then all access the same HTTP "webport", by copying the relevant URLs out of
the 'start.html' file. That start.html file will be chmod'ed go-r by the
first user, but that won't stop them from making a group-readable copy of it
for everyone else. This approach gives multiple users a way to share the same
tahoe node, meaning they all get the same private vdrive directory and that
the grid has no way to distinguish between them.
hope that helps,
-Brian
More information about the tahoe-dev
mailing list