On 06/14/2012 12:34 PM, Daniela Bauer wrote:
> user_white_list = .lt2-opsplt,<if,there,are>

Hi Daniela;

Maybe I've seen 202 before, but I can't remember why! What's the
".lt2-opsplt,<if,there,are>" line for? If,There,Are? It looks like a
bug. Anything in syslog?

Note: My /opt/glite/etc/glexec.conf is slightly different:

[root@r21-n01 scripts]# cat /opt/glite/etc/glexec.conf
[glexec]
silent_logging = no
log_level = 0
user_white_list = .pilalc,.pilatl,.pilcms,.pillhb,.pilops
linger = yes
target_lock_mechanism = flock
input_lock_mechanism = flock
lcmaps_db_file = /opt/glite/etc/lcmaps/lcmaps-glexec.db
lcmaps_log_file = /var/log/glexec/lcas_lcmaps.log
lcmaps_debug_level = 0
lcmaps_log_level = 1
lcmaps_get_account_policy = glexec_get_account
lcmaps_verify_account_policy = glexec_verify_account
lcas_db_file = /opt/glite/etc/lcas/lcas-glexec.db
lcas_log_file = /var/log/glexec/lcas_lcmaps.log
lcas_debug_level = 0
lcas_log_level = 1
user_identity_switch_by = lcmaps
preserve_env_variables = no
log_destination = file
log_file = /var/log/glexec/glexec_log

Turn the logging up. And here's another test scheme:

Make a proxy.

    voms-proxy-init --voms dteam

Be on test worker node, as root. Copy in the proxy.

    scp root@hepgrid1://user2/sjones/.globus/x509up_u460 /tmp/x509up_u460

Change ownership of proxy to a pilot account.

    chown pilatl01:atlas /tmp/x509up_u460

Change permissions.

    chmod 600 /tmp/x509up_u460

Switch to the pilot user.

    su - pilatl01

Run these commands to set up for the test.

    export GLEXEC_CLIENT_CERT=/tmp/x509up_u460
    export GLEXEC_SOURCE_PROXY=/tmp/x509up_u460
    export X509_USER_PROXY=/tmp/x509up_u460

Do the test.

    /opt/glite/sbin/glexec /usr/bin/id

If all is well, you will see something like this:

    uid=24683(dteam184) gid=2028(dteam) groups=2028(dteam)

Steve
--
Steve Jones
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
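
Added example (not part of the message above and not glexec's own code): a small shell lint for the user_white_list line questioned in the message, run over a constructed copy of that line. It assumes entries are comma-separated account names, with a leading dot marking a pool-account prefix as the .pilatl / pilatl01 pairing in the message suggests; the function names are hypothetical.

```shell
# Added example, not from the original message. Function names are hypothetical.
# Assumption: entries are comma-separated account names; a leading dot marks a
# pool-account prefix (as .pilatl / pilatl01 in the message suggests).

# Print each user_white_list entry of the [glexec] section, one per line.
whitelist_entries() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[glexec\][ \t]*$/); next }
        in_sec && /^[ \t]*user_white_list[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, e, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", e[i])
                print e[i]
            }
        }
    ' "$1"
}

# Classify every entry as "pool", "user" or "BAD".
# Returns 0 if all entries are well formed, 1 if any is BAD, 2 if none found.
lint_whitelist() {
    entries=$(whitelist_entries "$1")
    [ -n "$entries" ] || { echo "no user_white_list in [glexec]" >&2; return 2; }
    rc=0
    while IFS= read -r entry; do
        name=${entry#.}                      # strip the pool-account dot, if any
        case "$name" in
            ""|*[!A-Za-z0-9_-]*) echo "BAD  '$entry'"; rc=1 ;;
            *) if [ "$name" != "$entry" ]; then echo "pool $entry"
               else echo "user $entry"; fi ;;
        esac
    done <<EOF
$entries
EOF
    return $rc
}

# Constructed sample: the white-list line quoted at the top of the message.
sample=$(mktemp)
printf '%s\n' '[glexec]' 'user_white_list = .lt2-opsplt,<if,there,are>' > "$sample"
lint_whitelist "$sample" || echo "white list needs fixing before testing glexec"
rm -f "$sample"
```

An entry such as "there" is syntactically a valid account name, so it is reported as "user" rather than "BAD"; whether that account exists on the node is a separate check.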