in the root of the file namespace visible to applications run within Parrot. For
example, the HTTP driver makes HTTP servers visible under files named like
/http/server.somewhere.edu/mydata. Drivers are provided for a variety of
protocols such as GridFTP [5], Nest [13], and RFIO [7]. However, for the reasons
described above, none of these protocols is perfectly suited for performing
remote I/O.
To address this problem, we created the Chirp protocol and server in
order to provide the precise Unix I/O semantics required by Unix
applications. A Chirp server is a user-level process that can be deployed by
any user without special privileges. It exports a local file system to remote
users via a protocol that closely resembles the Unix I/O interface,
containing operations such as open, read, stat, and so forth. Like the other
protocols, data on a Chirp server can be accessed under the path name
/chirp/server.somewhere.edu/mydata.
Each Chirp server periodically makes itself known to a global catalog server
by sending a UDP packet listing its name, address, and other vital information.
Information about all known Chirp servers can be obtained by querying the
catalog server via a Web browser, or by executing ls /chirp within Parrot.
Chirp provides a flexible security model that is suited to the cooperative
nature of large-scale distributed computing. The user may choose from a variety
of mechanisms, depending on the degree of security required.
Upon connecting to a Chirp server, the client may authenticate with
Kerberos [77], the Globus Grid Security Infrastructure [29], or by simple
hostnames. Depending on what method is chosen, a given user might be known
by any of the following subject names:
kerberos:smith@somewhere.edu
globus:/O=Somewhere/CN=Smith
hostname:client.somewhere.edu
Each directory in a Chirp server is protected by an access control list that
lists acceptable subjects and access rights. Clearly, this access control list
cannot be stored in the standard nine bits reserved for access control in Unix.
Instead, each directory has a hidden file .__acl, which can be manipulated
with the commands parrot_getacl and parrot_setacl. For example, the
following access control list grants read access to any client at the campus
computing center, any client holding Globus credentials issued by the
university, and all other rights to a single Kerberos user:
hostname:*.hpc.somewhere.edu    RL
globus:/O=Somewhere/*           RL
kerberos:smith@somewhere.edu    RWLDA
Using Parrot and Chirp together, a user can run any sort of program on one
machine and use it to access data on any other machine on the Internet as if it
were in the local file system, while protected by strong security mechanisms.
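The access check that the list above implies can be sketched as follows. This is an added example, not Chirp's own code: it assumes one entry per line, that `*` is the only wildcard, that matching is case-sensitive and anchored to the whole subject, and that rights from every matching entry are combined.

```python
import re

# ACL from the text above: subject pattern, then rights letters.
SAMPLE_ACL = """\
hostname:*.hpc.somewhere.edu RL
globus:/O=Somewhere/* RL
kerberos:smith@somewhere.edu RWLDA
"""
KNOWN_RIGHTS = frozenset("RWLDA")  # only the letters this page uses
METHODS = ("kerberos", "globus", "hostname")


def parse_acl(text):
    """Return [(compiled_pattern, rights)], rejecting malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Rights are the last field; a Globus subject may itself contain spaces.
        fields = line.strip().rsplit(None, 1)
        if (len(fields) != 2
                or fields[0].partition(":")[0] not in METHODS
                or set(fields[1]) - KNOWN_RIGHTS):
            raise ValueError(f"line {lineno}: bad ACL entry {line!r}")
        pattern, rights = fields
        # Only '*' is a wildcard (assumption); every other character is literal.
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        entries.append((re.compile(regex, re.DOTALL), frozenset(rights)))
    return entries


def rights_for(entries, subject):
    """Union of rights over entries whose pattern matches the whole subject."""
    granted = set()
    for regex, rights in entries:
        if regex.fullmatch(subject):  # anchored: no prefix or suffix slack
            granted |= rights
    return granted


def allowed(entries, subject, needed):
    """True only if every letter in `needed` is granted; no match means deny."""
    return bool(needed) and set(needed) <= rights_for(entries, subject)
```

Because the match is anchored, a subject that merely contains a permitted pattern (for instance a hostname with extra labels appended) receives no rights, and the authentication method prefix is compared literally, so a hostname entry never applies to a Kerberos or Globus subject.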