[gold-users] Authorization Issue of gold.

Scott Jackson scottmo at adaptivecomputing.com
Thu Apr 28 15:16:54 MDT 2011


Dheeraj,

Change your goldd.conf to specify super.user = golduser . Then restart goldd.
Certain actions in gold call other actions with elevated privileges. It uses the configured super.user value as the user to run the subcommands as.

Let me know if this does not work.

Thanks,

Scott

----- Original Message -----
> From: "Dheeraj KV" <kvdheeraj at indiatimes.com>
> To: gold-users at supercluster.org
> Sent: Thursday, April 28, 2011 2:25:19 AM
> Subject: [gold-users] Authorization Issue of gold.
> Hi
> We have created a separate user named golduser and have given
> permission for SystemAdmin and Scheduler. Instead of running a command
> as root, we want it to run as golduser.
> The schema for g_role_user is given below:
> mysql> select * from g_role_user;
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> | g_role | g_name | g_deleted | g_creation_time | g_modification_time
> | | g_request_id | g_transaction_id |
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> | SystemAdmin | root | True | 1300428369 | 1303970222 | 728 | 455 |
> | Scheduler | root | True | 1300428369 | 1303978237 | 946 | 597 |
> | Anonymous | ANY | False | 1300428369 | 1300428369 | 0 | 0 |
> | OVERRIDE | ANY | False | 1300428369 | 1300428369 | 257 | 257 |
> | SystemAdmin | golduser | False | 1303715186 | 1303715186 | 319 | 323
> | |
> | Scheduler | golduser | False | 1303975821 | 1303975821 | 932 | 590 |
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> and g_role_action is
> mysql> select * from g_role_action;
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> | g_role | g_object | g_name | g_instance | g_deleted |
> | g_creation_time | g_modification_time | g_request_id |
> | g_transaction_id |
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> | SystemAdmin | ANY | ANY | ANY | False | 1300428369 | 1300428369 | 0
> | | 0 |
> | Anonymous | ANY | Query | ANY | False | 1300428369 | 1300428369 | 0
> | | 0 |
> | Anonymous | Password | ANY | SELF | False | 1300428369 | 1300428369
> | | 0 | 0 |
> | Anonymous | Account | Balance | ANY | False | 1300428369 |
> | 1300428369 | 243 | 243 |
> | ProjectAdmin | Project | ANY | ADMIN | False | 1300428369 |
> | 1300428369 | 245 | 245 |
> | UserServices | Job | Refund | ANY | False | 1300428369 | 1300428369
> | | 247 | 247 |
> | UserServices | User | ANY | ANY | False | 1300428369 | 1300428369 |
> | 248 | 248 |
> | UserServices | Machine | ANY | ANY | False | 1300428369 | 1300428369
> | | 249 | 249 |
> | UserServices | Project | ANY | ANY | False | 1300428369 | 1300428369
> | | 250 | 250 |
> | UserServices | ProjectUser | ANY | ANY | False | 1300428369 |
> | 1300428369 | 251 | 251 |
> | UserServices | ProjectMachine | ANY | ANY | False | 1300428369 |
> | 1300428369 | 252 | 252 |
> | Scheduler | Job | Charge | ANY | False | 1300428369 | 1300428369 |
> | 254 | 254 |
> | Scheduler | Job | Quote | ANY | False | 1300428369 | 1300428369 |
> | 255 | 255 |
> | Scheduler | Job | Reserve | ANY | False | 1300428369 | 1300428369 |
> | 256 | 256 |
> | Scheduler | Reservation | Delete | ANY | False | 1300428369 |
> | 1300428369 | 257 | 257 |
> | OVERRIDE | Account | Balance | ANY | False | 1300428369 | 1300428369
> | | 258 | 258 |
> | Scheduler | ReservationAllocation | Delete | ANY | False |
> | 1303978505 | 1303978505 | 952 | 605 |
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> 17 rows in set (0.00 sec)
> 
> But when firing the below given command as golduser we are getting the
> error.
> golduser at cmsn0 ~]$ grmalloc -i 4
> root is not authorized to perform this function (ReservationAllocation
> Delete)
> 
> We are using Gold version 2.1.12.2. and permission of gold commands
> are
> -rwxr-xr-x. 1 root root 6262 2011-03-18 11:36 /opt/gold/bin/grmaccount
> -rwxr-xr-x. 1 root root 6608 2011-03-18 11:36 /opt/gold/bin/grmalloc
> -rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmmachine
> -rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmproject
> -rwxr-xr-x. 1 root root 6525 2011-03-18 11:36 /opt/gold/bin/grmquote
> -rwxr-xr-x. 1 root root 6816 2011-03-18 11:36 /opt/gold/bin/grmres
> -rwxr-xr-x. 1 root root 6225 2011-03-18 11:36 /opt/gold/bin/grmuser
> 
> Any kind of input is much appreciated.
> 
> Thanks
> Dheeraj K V
> 
> 
> 
> _______________________________________________
> gold-users mailing list
> gold-users at supercluster.org
> http://www.supercluster.org/mailman/listinfo/gold-users


More information about the gold-users mailing list