[tahoe-dev] User management

Francesco Albanese frances.albanese at gmail.com
Sat Dec 1 16:43:22 PST 2007


The reason is very stupid: we are a group of students working on a
deployment test over an academic network. Since we don't have a
dedicated user yet (we depend on nix admins), we would like to control
the activity of a node (start/stop) using our personal accounts,
without caring whether we are the creator of the node we want to
control or not.
However I found your remarks very interesting and I am pleased that
this newsletter is very interactive. Soon I'm going to post my
installation experiences, as requested by zooko.

Thanks,


F.Albanese

On 01/12/2007, Brian Warner <warner at allmydata.com> wrote:
> On Sat, 1 Dec 2007 10:01:30 -0700
> zooko <zooko at zooko.com> wrote:
>
> > > that several users belonging to the same group could start the same
> > > node, even if they are not the creator of the node. I've tried to do
> > > this, but I've got an error (failed to launch app errno1) on the
> > > certificate file (node.pem), so I suppose that the node certificate
> > > is also dependent on the node creator.
> >
> > Hello Francesco.
> >
> > It isn't that Tahoe detects the user and changes its behavior based
> > on the user, it is that tahoe changes the permission bits in your
> > unix filesystem.
>
> It's important to remember that there can only be one instance of the node
> running at a time. The "node.pem" file (which holds the private key used by
> this node) is what directly determines the "node id" (just a hash of the
> corresponding public key), and the nodeid needs to be distinct for each node
> in a Tahoe grid.
>
> Allowing multiple node processes to use the same key material would result in
> a very confused grid, in which there are multiple entities with the same
> nodeid. Since nodes only accept or create one connection per nodeid, this
> would mean most of your nodes won't be able to talk to each other.
>
>
> I'm curious about your motivation: do you have several users (all in the same
> group) who want to share files with each other using tahoe? If so, the
> recommended approach is to have each user run their own node, one process per
> user (each with its own basedir and node.pem, etc). If your goal is to allow
> them to share a common virtual directory, then just have one of them create a
> new directory, then cut-and-paste the FURL of that directory to the others.
> Once everybody has added that FURL into their own private vdrives somewhere,
> they can all read and write to it equally, each through their own node.
>
> Or perhaps you are concerned about resource utilization, and only want to
> have one tahoe node running on your computer even though you don't know ahead
> of time which user is going to want to use it. In this case, you might
> consider having one designated user start the node and leave it running for a
> long period of time, perhaps by using a crontab "@reboot" entry to
> automatically launch it at boot time. (note that this might be a special
> account dedicated to this purpose, much like the 'lp' account is used to run
> the printer-control daemons in most unix systems). The multiple users can
> then all access the same HTTP "webport", by copying the relevant URLs out of
> the 'start.html' file. That start.html file will be chmod'ed go-r by the
> first user, but that won't stop them from making a group-readable copy of it
> for everyone else. This approach gives multiple users a way to share the same
> tahoe node, meaning they all get the same private vdrive directory and that
> the grid has no way to distinguish between them.
>
>
> hope that helps,
>  -Brian
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
>
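
Added example (not from the original thread or the Tahoe code base): following the point above that each node needs its own node.pem, this check flags basedirs whose node.pem bytes are identical and node.pem files with group/other permission bits set. The basedir names and key bytes are constructed, and the SHA-256 file fingerprint is only a comparison aid, not Tahoe's nodeid computation.

```python
import hashlib
import os
import stat
import tempfile
from collections import defaultdict


def audit_basedirs(basedirs):
    """Return (duplicates, loose) for the node.pem files under basedirs.

    duplicates: lists of basedirs whose node.pem bytes are identical.
    loose: basedirs whose node.pem has any group/other permission bit set.
    """
    by_digest = defaultdict(list)
    loose = []
    for base in basedirs:
        pem = os.path.join(base, "node.pem")
        try:
            with open(pem, "rb") as fh:
                data = fh.read()
            mode = stat.S_IMODE(os.stat(pem).st_mode)
        except OSError:
            continue  # missing or unreadable: nothing to compare
        # Fingerprint of the file bytes only; NOT Tahoe's nodeid computation.
        by_digest[hashlib.sha256(data).hexdigest()].append(base)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            loose.append(base)
    duplicates = [sorted(v) for v in by_digest.values() if len(v) > 1]
    return sorted(duplicates), sorted(loose)


def demo():
    """Build three constructed basedirs: two share key bytes, one is group-readable."""
    root = tempfile.mkdtemp()
    layout = {"alice": (b"KEY-A", 0o600), "bob": (b"KEY-A", 0o640), "carol": (b"KEY-C", 0o600)}
    dirs = []
    for name, (data, mode) in layout.items():
        base = os.path.join(root, name)
        os.mkdir(base)
        pem = os.path.join(base, "node.pem")
        with open(pem, "wb") as fh:
            fh.write(data)
        os.chmod(pem, mode)  # explicit chmod so the umask does not matter
        dirs.append(base)
    dups, loose = audit_basedirs(dirs)
    names = lambda paths: [os.path.basename(p) for p in paths]
    return [names(d) for d in dups], names(loose)


if __name__ == "__main__":
    print(demo())
```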

