Hello,
Actually, what Maarten said is not correct.
Setting the ACLs on the generated directory will still be needed when
the secondary groups support will be released (DPM 1.6.4).
For DPM questions, it would be much easier for us if you would contact
[log in to unmask] instead.
Thanks, Sophie.
>> Hi,
>>
>> At IL-BGU it looks like all sgm & prd, and probably other aacounts
>> with non default VO roles, get permission denied, probably since
>> they are
>> mapped to another gid.
>>
>>
>> select * from Cns_groupinfo;
>> +-------+------+---------------------+
>> | rowid | gid | groupname |
>> +-------+------+---------------------+
>> | 1 | 102 | dteam |
>> | 2 | 103 | ops |
>> | 3 | 104 | ops/Role=lcgadmin |
>> | 4 | 105 | alice |
>> | 5 | 106 | atlas |
>> | 6 | 107 | biomed |
>> | 7 | 108 | cms |
>> | 8 | 109 | lhcb |
>> | 9 | 110 | atlas/Role=lcgadmin |
>> +-------+------+---------------------+
>>
>> for the command , run from atlassgm001 aacount on WN with proxy i
>> have caputured during atlas SAM test job running:
>> [atlassgm001@wn01 ~]$ globus-url-copy
>> file:/boot/vmlinuz-2.6.9-42.0.10.EL.cernsmp
>> gsiftp://cs-grid2.bgu.ac.il/dpm/bgu.ac.il/home/atlas/kernel
>> error: the server sent an error response: 553 553
>> /dpm/bgu.ac.il/home/atlas/kernel: Permission denied.
>>
>> the following info in dpns daemon log is logged:
>> -------------------------------------------------------------------------------------
>>
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: NS092 - getidmap request by
>> root (0,0) from cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: NS098 - getidmap
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: returns 0
>> 04/23 14:50:26 9860,0 Cns_srv_stat: NS092 - stat request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,110) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_stat: NS098 - stat 0
>> /dpm/bgu.ac.il/home/atlas/kernel
>> 04/23 14:50:26 9860,0 Cns_srv_stat: returns 2
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: NS092 - getidmap request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,106) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: NS098 - getidmap
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas
>> 04/23 14:50:26 9860,0 Cns_srv_getidmap: returns 0
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: NS092 - getgrpbygid
>> request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,106) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: NS098 - getgrpbygid 110
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: returns 0
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: NS092 - getgrpbygid
>> request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,110) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: NS098 - getgrpbygid 110
>> 04/23 14:50:26 9860,0 Cns_srv_getgrpbygid: returns 0
>> 04/23 14:50:26 9860,0 Cns_srv_stat: NS092 - stat request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,110) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_stat: NS098 - stat 0
>> /dpm/bgu.ac.il/home/atlas/kernel
>> 04/23 14:50:26 9860,0 Cns_srv_stat: returns 2
>> 04/23 14:50:26 9860,0 Cns_srv_creat: NS092 - creat request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,110) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:26 9860,0 Cns_srv_creat: NS098 - creat
>> /dpm/bgu.ac.il/home/atlas/kernel 664 0
>> 04/23 14:50:26 9860,0 Cns_srv_creat: returns 13
>> 04/23 14:50:27 9860,0 Cns_srv_getidmap: NS092 - getidmap request by
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas (113,106) from
>> cs-grid2.bgu.ac.il
>> 04/23 14:50:27 9860,0 Cns_srv_getidmap: NS098 - getidmap
>> /C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217 - Atlas
>> 04/23 14:50:27 9860,0 Cns_srv_getidmap: returns 0
>> -------------------------------------------------------------------------------------
>>
>>
>> -------------------------------------------------------------------------------------
>>
>> $ dpns-ls -l /dpm/bgu.ac.il/home
>> drwxrwxr-x 0 root 105 0 Apr 22 01:38 alice
>> drwxrwxr-x 0 root 106 0 Apr 22 01:38 atlas
>> drwxrwxr-x 0 root 107 0 Apr 22 01:38 biomed
>> drwxrwxr-x 0 root 108 0 Apr 22 01:38 cms
>> drwxrwxr-x 1 root 102 0 Apr 22 01:46 dteam
>> drwxrwxr-x 0 root 109 0 Apr 22 01:38 lhcb
>> drwxrwxr-x 1 root 103 0 Oct 06 2006 ops
>> -------------------------------------------------------------------------------------
>>
>>
>> Any ideas how this should be fixed?
>
>
> On your DPM server as root run the attached script like this:
>
> sh dpns-fix-acl.txt alice atlas biomed cms dteam lhcb ops
>
> With DPM version 1.6.4 one will no longer need to do that.
>
>------------------------------------------------------------------------
>
>#!/bin/sh
>
>export DPNS_HOST=`hostname -f`
>domain=`echo "$DPNS_HOST" | sed 's/[^.]*.//'`
>date=`date +%Y-%m-%d`
>
>for VO
>do
> dpns-entergrpmap --group "$VO/Role=production"
> dpns-entergrpmap --group "$VO/Role=lcgadmin"
>
> for dir in '' generated generated/$date
> do
> d=/dpm/$domain/home/$VO/$dir
>
> dpns-setacl -m "g:$VO/Role=lcgadmin:rwx,m:rwx" $d
> dpns-setacl -m "g:$VO/Role=production:rwx,m:rwx" $d
> dpns-setacl -m "d:g:$VO/Role=lcgadmin:rwx,d:m:rwx" $d
> dpns-setacl -m "d:g:$VO/Role=production:rwx,d:m:rwx" $d
> done
>done
>
>
--
Sophie Lemaitre
CERN - IT/GD Group - Grid Data Management Team
Bat 28 - 1st floor - Office 015
Tel: +41 22 767 06 77
|