Well, it should does the trick. At least, we had test it on dCache at
Tier1 when the CNAF incident happened 2 weeks ago (credit to Derek). The
log shows that the mapping is failure therefore the user will not have a
local account, thus the user will not be able to access files on dCache.
Cheers,
Mingchao
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Henry Nebrensky
> Sent: 07 November 2007 13:40
> To: [log in to unmask]
> Subject: Re: Heinz's data
>
> On Wed, 7 Nov 2007, Greig Alan Cowan wrote:
>
> > I should add that I know one way of banning him from the SE is to
> > remove him from the grid-mapfile, but this will be
> recreated every few hours.
> > How do you actually blacklist him?
> >
> > On the CE there is a file /opt/edg/etc/lcas/ban_user.db, but this
> > doesn't exist on DPM/dCache nodes. For sites using dCache with
> > gPlazma, I think banning is possible.
>
> What would happen if you used the local grid-mapfile override
> that I've forgotten the name of, to map him to some non-pool,
> possibly non-existent user?
>
> Thanks
>
> Henry
>
> --
> Dr. Henry Nebrensky [log in to unmask]
> http://people.brunel.ac.uk/~eesrjjn
> "The opossum is a very sophisticated animal.
> It doesn't even get up until 5 or 6 p.m."
>
|