On Wed, 6 Jun 2007, Yiannis Ioannou wrote:
> Hello Nikola,
>
> From the previous posts to the list, I assume that you have used the
> following format for your computing element:
>
> ============================
> 15057:opssgm02:1520,1500:opssgm,ops:ops:sgm:
> 15058:opssgm03:1520,1500:opssgm,ops:ops:sgm:
> 15059:opssgm04:1520,1500:opssgm,ops:ops:sgm:
> 15060:opssgm05:1520,1500:opssgm,ops:ops:sgm:
> =============================
>
> If you have configured the computing element with a user configuration file
> containing entries like the above, it will not work. The reason is that the
> created users (opssgm001...) will have as primary group the opssgm group,
> but in order to work, the user accounts must primarily belong to ops. Only
> the primary group is checked against the acl_group variable of the pbs
> server.
Please follow the advice given by Antun and others: let YAIM handle that.
The "sgm" accounts currently must have their "opssgm" group as _primary_
group, otherwise the VO software area becomes writable for everyone in the VO.
Note that a new YAIM will be released fairly soon that allows sites to keep
using the old sgm and prd accounts (but also the new pool accounts, which
are still the preferred approach).
|