LHC Computer Grid - Rollout
> On Behalf Of Arnau Bria said:
> After removing last line from groups, and removing 'atlas entry' from
> QUEUE_ENABLE:
groups.conf and *_GROUP_ENABLE are doing different things; the first one is about Unix group mapping and the second one is about access to the CE. For the GROUP_ENABLE, once you've specified a VO name then everyone in that VO is allowed access, so allowing extra FQANs in the same VO doesn't add anything. So normally GROUP_ENABLE will just have VO names, unless you want to restrict access to particular groups or roles only. Hence using something like /atlas is fairly pointless since everyone in atlas is in the /atlas group, which is why yaim has the warning.
However, there is an extra complication if you have FQANVOVIEWS set, which it seems that you have. In that case, instead of getting one VOView per VO you get one per FQAN. That option was introduced several years ago by the job priorities working group to allow publishing separate attributes (free slots etc.) for e.g. production jobs and normal VO users. However, I don't think it was ever tested very well or used by the VOs - by the time it came in they had mostly stopped using the WMS anyway. Do you have a good reason for doing that? Jeff was involved with that so he may have more idea of how well it works and whether there are likely to be problems with it.
Stephen
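
An added example, not part of the original message and not yaim's own code: a small lint for a *_GROUP_ENABLE value that flags entries which do not restrict access in the way described above. It assumes entries are whitespace-separated, that an entry starting with "/" is an FQAN whose first path component is the VO name, and that any other entry is a bare VO name; the function name and sample values are hypothetical.

```shell
#!/bin/sh
# redundant_fqans "<GROUP_ENABLE value>"
# Prints one line per FQAN entry that adds no restriction:
#   - the FQAN's VO is also listed by bare name (whole VO already allowed)
#   - the FQAN is a root group such as /atlas (every VO member is in it)
# Runs in a subshell so "set -f" (no globbing) and variables stay local.
redundant_fqans() (
    set -f
    value="$1"
    vos=" "
    # First pass: collect the bare VO names.
    for entry in $value; do
        case "$entry" in
            /*) ;;                       # FQAN, handled in the second pass
            *)  vos="$vos$entry " ;;
        esac
    done
    # Second pass: check each FQAN against the collected VO names.
    for entry in $value; do
        case "$entry" in
            /*)
                rest="${entry#/}"        # strip the leading slash
                vo="${rest%%/*}"         # first path component = VO (assumption)
                if [ "$rest" = "$vo" ]; then
                    echo "$entry: root group, equivalent to allowing VO '$vo'"
                else
                    case "$vos" in
                        *" $vo "*)
                            echo "$entry: VO '$vo' is already enabled by name" ;;
                    esac
                fi
                ;;
        esac
    done
)

# Constructed sample value, not taken from any real site-info.def.
redundant_fqans "atlas /atlas /atlas/ROLE=production cms"
```

A value made up only of sub-group or role FQANs produces no output, which is the case where GROUP_ENABLE actually restricts access.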