Andreas Gellrich wrote:
> Hi *,
> We just saw that yaim assumes the existence of pool accounts for the
> 'sgm' and 'prd' accounts. Therefore in /opt/edg/etc/lcmaps/gridmapfile
> we found mappings such as:
> "/VO=dteam/GROUP=/dteam/ROLE=lcgadmin/Capability=NULL" .dteamsgm
> "/VO=dteam/GROUP=/dteam/ROLE=lcgadmin" .dteamsgm
> "/VO=dteam/GROUP=/dteam/ROLE=production/Capability=NULL" .dteamprd
> "/VO=dteam/GROUP=/dteam/ROLE=production" .dteamprd
> although those pool accounts do not exist.
> Why is that? The possibility to have pools for sgm and prd was said to
> be optional.
The idea was to finally fix the security issues with the static accounts,
so we did not want to give an easy option to just ignore these changes.
We had to make an exception for the VOBOX, because we do not yet have a
"sudo" service allowing all sgm accounts to control the services of the VO.
But at least on the CE, RB etc. we should do the cleanup...