[gold-users] Authorization Issue of gold.

Dheeraj KV kvdheeraj at indiatimes.com
Thu Apr 28 02:25:19 MDT 2011


Hi 
        We have created a separate user named golduser and have given permission for SystemAdmin and Scheduler. Instead of running a command as root, we want it to run as golduser. 
The schema for g_role_user is given below:
mysql> select * from g_role_user;
+-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
| g_role      | g_name   | g_deleted | g_creation_time | g_modification_time | g_request_id | g_transaction_id |
+-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
| SystemAdmin | root     | True      |      1300428369 |          1303970222 |          728 |              455 |
| Scheduler   | root     | True      |      1300428369 |          1303978237 |          946 |              597 |
| Anonymous   | ANY      | False     |      1300428369 |          1300428369 |            0 |                0 |
| OVERRIDE    | ANY      | False     |      1300428369 |          1300428369 |          257 |              257 |
| SystemAdmin | golduser | False     |      1303715186 |          1303715186 |          319 |              323 |
| Scheduler   | golduser | False     |      1303975821 |          1303975821 |          932 |              590 |
+-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
and g_role_action is
mysql> select * from g_role_action;
+--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
| g_role       | g_object              | g_name  | g_instance | g_deleted | g_creation_time | g_modification_time | g_request_id | g_transaction_id |
+--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
| SystemAdmin  | ANY                   | ANY     | ANY        | False     |      1300428369 |          1300428369 |            0 |                0 |
| Anonymous    | ANY                   | Query   | ANY        | False     |      1300428369 |          1300428369 |            0 |                0 |
| Anonymous    | Password              | ANY     | SELF       | False     |      1300428369 |          1300428369 |            0 |                0 |
| Anonymous    | Account               | Balance | ANY        | False     |      1300428369 |          1300428369 |          243 |              243 |
| ProjectAdmin | Project               | ANY     | ADMIN      | False     |      1300428369 |          1300428369 |          245 |              245 |
| UserServices | Job                   | Refund  | ANY        | False     |      1300428369 |          1300428369 |          247 |              247 |
| UserServices | User                  | ANY     | ANY        | False     |      1300428369 |          1300428369 |          248 |              248 |
| UserServices | Machine               | ANY     | ANY        | False     |      1300428369 |          1300428369 |          249 |              249 |
| UserServices | Project               | ANY     | ANY        | False     |      1300428369 |          1300428369 |          250 |              250 |
| UserServices | ProjectUser           | ANY     | ANY        | False     |      1300428369 |          1300428369 |          251 |              251 |
| UserServices | ProjectMachine        | ANY     | ANY        | False     |      1300428369 |          1300428369 |          252 |              252 |
| Scheduler    | Job                   | Charge  | ANY        | False     |      1300428369 |          1300428369 |          254 |              254 |
| Scheduler    | Job                   | Quote   | ANY        | False     |      1300428369 |          1300428369 |          255 |              255 |
| Scheduler    | Job                   | Reserve | ANY        | False     |      1300428369 |          1300428369 |          256 |              256 |
| Scheduler    | Reservation           | Delete  | ANY        | False     |      1300428369 |          1300428369 |          257 |              257 |
| OVERRIDE     | Account               | Balance | ANY        | False     |      1300428369 |          1300428369 |          258 |              258 |
| Scheduler    | ReservationAllocation | Delete  | ANY        | False     |      1303978505 |          1303978505 |          952 |              605 |
+--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
17 rows in set (0.00 sec)

But when firing the below given command as golduser we are getting the error.
golduser at cmsn0 ~]$ grmalloc -i 4
root is not authorized to perform this function (ReservationAllocation Delete)

We are using Gold version 2.1.12.2. and permission  of gold commands are
-rwxr-xr-x. 1 root root 6262 2011-03-18 11:36 /opt/gold/bin/grmaccount
-rwxr-xr-x. 1 root root 6608 2011-03-18 11:36 /opt/gold/bin/grmalloc
-rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmmachine
-rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmproject
-rwxr-xr-x. 1 root root 6525 2011-03-18 11:36 /opt/gold/bin/grmquote
-rwxr-xr-x. 1 root root 6816 2011-03-18 11:36 /opt/gold/bin/grmres
-rwxr-xr-x. 1 root root 6225 2011-03-18 11:36 /opt/gold/bin/grmuser

Any kind of input is much appreciated.

Thanks 
Dheeraj K V 





More information about the gold-users mailing list