Elaborating a little bit, as explained in:
In the old CREAM CE (CREAM CE < 1.6.3) the sudoers file was
scratched at each yaim reconfiguration and filled with just the stuff
needed for CREAM. This meant that local customizations were scratched. In
the new CREAM CE (CREAM CE 1.6.3) yaim:
- checks if the installed sudo version supports the include
directive (this should be the case for SL5, while this shouldn't be the
case for SL4)
- cleans from /etc/sudoers the CREAM related stuff existing from
a previous installation
- if sudo supports include directives (this should be the case
for SL5), yaim sets the CREAM related stuff in /etc/sudoers.forcream and
adds in /etc/sudoers the include of /etc/sudoers.forcream
- If sudo doesn't supports include directives (this should be
the case for SL4), yaim sets the CREAM related stuff in /etc/sudoers
There is a problem with the cleaning part, which doesn't work properly if
the name of the users don't include the name of the group: bug #75369
For gLite 3.2, when updating to CREAM CE 1.6.3 from previous versions this
means that the sudoers file could have some problems after the yaim
reconfiguration if the name of users don't "contain" the name of the
group. When the sudoers file is manually fixed, the problems won't happen
anymore in following yaim reconfigurations
Cheers, Massimo
On Tue, 16 Nov 2010, Jean-Michel Barbet wrote:
> Massimo Sgaravatto - INFN Padova wrote:
>
>> In the new CREAM CE yaim is supposed:
>>
>> a: to include the CREAM related stuff in /etc/sudoers.forcream
>> b: to clean from /etc/sudoers the CREAM related stuff existing from a
>> previous installation
>> c: to add in /etc/sudoers the include of /etc/sudoers.forcream
>>
>> It looks like there are in some cases a problem with b). Still
>> investigating when/how this happens
>
> Hi Massimo,
>
> Today I updated one of our CREAM-CEs to the latest update and I
> observed this problem. After YAIM reconfiguration, the file /etc/sudoers
> had parts of cream stuff left in it and it was causing problems.
>
> I cleaned the /etc/sudoers file and everything is fine. I kept the
> bad /etc/sudoers file for debugging purposes. I will send it to you
> in a separate mail on request.
>
> JM
>
>
> --
> ------------------------------------------------------------------------
> Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
> Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
> CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: [log in to unmask]
> ------------------------------------------------------------------------
>
\|||/
-----------0oo----( o o )----oo0-------------------
(_)
INFN Sezione di Padova
Via Marzolo, 8
35131 Padova - Italy E-mail: massimo.sgaravatto [at] pd.infn.it
Tel: ++39 0498275908 Skype: massimo.sgaravatto
Fax: ++39 0498275952
|