On 19-11-12 14:35, Winnie Lacesso wrote:
> Greetings,
>
> We have 2 old CEs that mount /etc/grid-security/gridmapdir from a central
> NFS server. glexec has the same UID & GID on both CE (that might've been
> hand-crafted, not sure).
>
> We also have a new test emi-2 cream-ce that mounts it, but I notice that
> glexec account on it (created by yaim) has a different UID & GID.
>
> I found this:
> http://scotgrid.blogspot.co.uk/2011/02/covering-up-problems-with-cream.html
> saying "CREAM CEs (using glexec), need to have their gridmapdir as 0775
> root:glexec"
>
> It sounds like the UID/GID of glexec on the new emi-2 cream-ce should
> change to the the same as the others? What needs to be stopped & restarted
> on emi-2 cream-ce to do that?
>
> Current permissions on gridmapdir (on the NFS server) are 770 & it's in
> group edguser, which has the same GID on both emi-1 ce & emi-2 CE.
>
> Had a look at CREAM/SystemAdministratorGuideForEMI2 &
> CREAM/TroubleshootingGuide & don't see anything at all about gridmapdir or
> glexec.
>
> Grateful for advice!
Hello,
Could you indicate if you have an operational problem at the moment or if
this is just an inquiry? I want to be sure, because I didn't really
understand the problem you are facing.
Indeed YAIM could create a glexec user which differs on its UID/GID
combination per machine. I would not recommend to change the UID/GID
combination as you would also need to change the 'glexec.conf' file
ownership accordingly. This is the file that is read with lowered privileges
corresponding to the glexec account on the system. This makes it a system
local thing and is to be consider as a separate thing from accessing the
gridmapdir.
For information browsing purposes I'd like to recommend our wiki on gLExec
which includes background info, man pages and more:
http://wiki.nikhef.nl/grid/GLExec
I hope this helps.
Oscar
|