[GE users] Unix groups in access control lists

jagladden gladden at chem.washington.edu
Sat Jun 27 04:49:08 BST 2009


I am trying to restrict access to a cluster queue based on unix group 
membership but so far I have not been successful in getting an access 
control list to successfully recognize members of a unix group.  As can 
be seen below, user "gladden" is a member of the group "core":

[gladden at bonanza sge_test]$ groups
gladden ligroup gaussian vasp core noncore
[gladden at bonanza sge_test]$

Furthermore, "@core" is a member of the ACL "core_users":

[gladden at bonanza sge_test]$ qconf -su core_users
name    core_users
type    ACL
fshare  0
oticket 0
entries @core
[gladden at bonanza sge_test]$

And finally, access to the queue "serial.q" is limited to those 
specified by the access control list "core_users":

[gladden at bonanza sge_test]$ qconf -sq serial.q | grep user_lists
user_lists            core_users
xuser_lists           NONE
[gladden at bonanza sge_test]$

However, if I attempt to submit a job to the cluster queue from the 
"gladden" account I get:

[gladden at bonanza sge_test]$ qsub -q serial.q -w e simple.sh
Unable to run job: warning: gladden your job is not allowed to run in 
any queue
error: no suitable queues.
Exiting.
[gladden at bonanza sge_test]$

I can fix the problem by explicitly adding "gladden" to the access 
control list so I have:

[gladden at bonanza sge_test]$ qconf -su core_users
name    core_users
type    ACL
fshare  0
oticket 0
entries @core,gladden
[gladden at bonanza sge_test]$

Then "gladden" is able to submit jobs to the queue:

[gladden at bonanza sge_test]$ qsub -q serial.q -w e simple.sh
Your job 277 ("simple.sh") has been submitted
[gladden at bonanza sge_test]$

So the explicit user entry in the ACL works, but the unix group entry 
does not.  Any idea what I am doing wrong?

James Gladden

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=203971

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list