Add preliminary support for secondary GIDs

[bbockelm]

This has a functional setup for uploading, downloading, and making directories where secondary GIDs are needed for access.

Current limitations:

• I did not go through the entire API (e.g., rmdir won't work correctly) as I wanted to get this out the door for testing at Chicago. If all goes well, we can flesh out more in the future.
• This is only going to work as desired for directories with setgid enabled.

Toward the second item: we can only open a file with a single filesystem GID. If multiple GIDs are needed to walk the entire directory tree (e.g., /tmp/foo is only readable by group A and /tmp/foo/bar is only readable by group B) then this approach would fail.

A complete solution would require stepping up the directory tree using openat (potentially switching the FS GID at each layer). That's a lot more complex than the current approach -- and, to boot, the XRootD API doesn't wrap the *at functions. Hence, you'd need to create an object, run Opendir, get the underlying file descriptor (see the current Mkdir for an example) at each step of the way; basically, one would need to abuse the existing API and wrap it with a complete new one.

So, this solution is not complete; however, in all the use cases, we plan to only use setgid directories ... meaning that there's no current use case for the missing functionality and I'm OK to come back later.

[bbockelm]

@djw8605 - would you be able to review this? Would like to get a solution out to Lincoln.

[bbockelm]

@djw8605 - wanted to bump this up your review queue since Lincoln is waiting for it.

[jthiltges]

I'm curious about setfsuid/setfsgid over seteuid/setgid/setgroups. It does seem to be the model that samba uses.

[bbockelm]

@jthiltges - unfortunately, seteuid/setgid/setgroups takes effect at the process level. Given everything in XRootD is thread-based, it'd be akin to a global mutex on IO. Not even sure that's possible at this level there could always be other threads accessing the local filesystem that are unrelated to the XrdOss stack.

So, we're stuck with setfsuid/setfsgid.

[brianhlin]

Superseded by #47