> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Daniela Bauer
>
> In my test setup (the one with the home-rolled glexec), I have the same
> accounts/users on the CE/WN/Argus, but I don't share the gridmapdir at all.
> As far as I can tell Argus does all the mapping and that's it.
>
I think your configuration is slightly adventurous in that (last I heard) the officially
supported approach was to use Argus for glExec, but to have each cream CE do
its own mappings; that would then require a shared gridmapdir. If you have
the CEs call out to Argus for the mappings then only it needs to be able to see
the gridmapdir.
> I can't see how this would work with two sets of disjoint accounts though.
>
I think the question reduces to "Does argus give you the username of a pool
account to use, or the UID/GID?", but I have no idea what the answer is.
On a practical level, if I were Matt I'd seriously consider changing the UIDs on
the machines I do have total control over to match the accounts on the shared
cluster, then enjoy my marginally quieter life.
Ewan
|