Hi,
Isn't this a case for ANOTHER EGEE-BROADCAST??
I don't think all the site admins follow this mailing list.
Cristina
Maarten Litmaath wrote:
> Dear colleagues,
> we have identified a problem in the way the latest YAIM
> configures the ownership of the VO software area.
>
> First, for the time being, sites are advised to keep using
> their _existing_ users.conf and groups.conf on the _VOBOX_.
>
> This means that on the VOBOX "sgm" users will remain mapped
> to their original static accounts, so that all sgm users in
> a VO can manage the VO services running on the VOBOX.
>
> Unfortunately YAIM's config_sw_dir function changes the
> ownership of the software area to the first sgm pool account
> found for the VO. This means that the original sgm account
> can no longer write in that area, since it does not belong
> to the new group for sgm accounts.
>
> We advise sites to override the config_sw_dir function by
> creating $GLITE_LOCATION/yaim/functions/local/config_sw_dir
> with these contents:
>
> ------------------------------------------------------------
> function config_sw_dir () {
>     return 0
> }
> ------------------------------------------------------------
>
> We also advise ensuring the software area for a VO remains
> owned by the original static sgm account for that VO, while
> at the same time making it group-writable for the new group
> of sgm accounts (so that software may be installed by jobs
> running on WNs).
>
> For example, suppose the ALICE software area is under
> /opt/exp_soft/alice, its original owner was the static
> "alicesgm" account, and the new UNIX group for the sgm pool
> accounts for ALICE is called "alicesgm" as well.
>
> Then the site admin should run the following commands once:
>
> ------------------------------------------------------------
> chown -R alicesgm:alicesgm /opt/exp_soft/alice
> chmod -R 775 /opt/exp_soft/alice
> ------------------------------------------------------------
>
> At the moment YAIM calls config_sw_dir for every VOBOX
> (which a site may not have) and, what is worse, for every WN.
> We are thinking about how to ensure that the function will
> be called exactly once. For the moment it would have to be
> for the site admin to run the necessary commands explicitly.
> Thanks,
> Maarten
>
--
---
Cristina Aiftimiei - EGEE Project
Ist. Naz. di Fisica Nucleare - Padova
Address: via F. Marzolo, 8 - 35131 Padova - ITALY
Phone: +39.049.8277005
Mobile: +39.3460230488
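
An added example (not part of the original thread or of YAIM): a read-only shell check a site admin could run to confirm that a VO software area is in the state the advisory describes, owned by the given account and group and group-writable throughout. The function name `audit_sw_area` and the finding labels are hypothetical; it additionally reports world-writable entries, which mode 775 does not grant.

```shell
#!/bin/sh
# Added example, not YAIM code. Read-only audit of a VO software area.
# Usage (values taken from the ALICE example in the thread):
#   audit_sw_area /opt/exp_soft/alice alicesgm alicesgm
# Prints one "LABEL path" line per finding.
# Returns 0 if clean, 1 if there are findings, 2 on bad arguments.

audit_sw_area() {
    if [ $# -ne 3 ] || [ ! -d "$1" ]; then
        echo "usage: audit_sw_area DIR OWNER GROUP" >&2
        return 2
    fi
    dir=$1; owner=$2; group=$3

    # find rejects unknown user/group names when it parses its arguments;
    # catch that here so a typo cannot be mistaken for a clean result.
    find "$dir" -prune -user "$owner" -group "$group" >/dev/null 2>&1 || {
        echo "unknown owner or group: $owner:$group" >&2
        return 2
    }

    # Symlinks are skipped: chmod -R does not change their modes.
    report=$(
        find "$dir" ! -type l ! -user "$owner" \
            -exec printf 'WRONG_OWNER %s\n' {} \;
        find "$dir" ! -type l ! -group "$group" \
            -exec printf 'WRONG_GROUP %s\n' {} \;
        # Without the group write bit, jobs running under the sgm pool
        # accounts cannot install software here.
        find "$dir" ! -type l ! -perm -020 \
            -exec printf 'NOT_GROUP_WRITABLE %s\n' {} \;
        # Mode 775 gives "other" no write bit; anything world-writable
        # was changed by something else.
        find "$dir" ! -type l -perm -002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Running it again after each YAIM reconfiguration shows whether `config_sw_dir` has been invoked and changed the ownership despite the local override.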