[gold-users] Authorization Issue of gold.

Dheeraj KV kvdheeraj at indiatimes.com
Fri Apr 29 00:51:51 MDT 2011


Hi

          Super user is already golduser. Still the command doesn't work.
Command executes successfully only if root is a SystemAdmin. 
If you have any other solution please help us.

Regards
Dheeraj K V



----- Original Message -----
From: Scott Jackson <scottmo at adaptivecomputing.com>
To: Gold Users Mailing List <gold-users at supercluster.org>
Sent: Fri, 29 Apr 2011 02:46:54 +0530 (IST)
Subject: Re: [gold-users] Authorization Issue of gold.

Dheeraj,

Change your goldd.conf to specify super.user = golduser . Then restart goldd.
Certain actions in gold call other actions with elevated privileges. It uses the configured super.user value as the user to run the subcommands as.

Let me know if this does not work.

Thanks,

Scott

----- Original Message -----
> From: "Dheeraj KV" <kvdheeraj at indiatimes.com>
> To: gold-users at supercluster.org
> Sent: Thursday, April 28, 2011 2:25:19 AM
> Subject: [gold-users] Authorization Issue of gold.
> Hi
> We have created a separate user named golduser and have given
> permission for SystemAdmin and Scheduler. Instead of running a command
> as root, we want it to run as golduser.
> The schema for g_role_user is given below:
> mysql> select * from g_role_user;
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> | g_role | g_name | g_deleted | g_creation_time | g_modification_time
> | | g_request_id | g_transaction_id |
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> | SystemAdmin | root | True | 1300428369 | 1303970222 | 728 | 455 |
> | Scheduler | root | True | 1300428369 | 1303978237 | 946 | 597 |
> | Anonymous | ANY | False | 1300428369 | 1300428369 | 0 | 0 |
> | OVERRIDE | ANY | False | 1300428369 | 1300428369 | 257 | 257 |
> | SystemAdmin | golduser | False | 1303715186 | 1303715186 | 319 | 323
> | |
> | Scheduler | golduser | False | 1303975821 | 1303975821 | 932 | 590 |
> +-------------+----------+-----------+-----------------+---------------------+--------------+------------------+
> and g_role_action is
> mysql> select * from g_role_action;
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> | g_role | g_object | g_name | g_instance | g_deleted |
> | g_creation_time | g_modification_time | g_request_id |
> | g_transaction_id |
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> | SystemAdmin | ANY | ANY | ANY | False | 1300428369 | 1300428369 | 0
> | | 0 |
> | Anonymous | ANY | Query | ANY | False | 1300428369 | 1300428369 | 0
> | | 0 |
> | Anonymous | Password | ANY | SELF | False | 1300428369 | 1300428369
> | | 0 | 0 |
> | Anonymous | Account | Balance | ANY | False | 1300428369 |
> | 1300428369 | 243 | 243 |
> | ProjectAdmin | Project | ANY | ADMIN | False | 1300428369 |
> | 1300428369 | 245 | 245 |
> | UserServices | Job | Refund | ANY | False | 1300428369 | 1300428369
> | | 247 | 247 |
> | UserServices | User | ANY | ANY | False | 1300428369 | 1300428369 |
> | 248 | 248 |
> | UserServices | Machine | ANY | ANY | False | 1300428369 | 1300428369
> | | 249 | 249 |
> | UserServices | Project | ANY | ANY | False | 1300428369 | 1300428369
> | | 250 | 250 |
> | UserServices | ProjectUser | ANY | ANY | False | 1300428369 |
> | 1300428369 | 251 | 251 |
> | UserServices | ProjectMachine | ANY | ANY | False | 1300428369 |
> | 1300428369 | 252 | 252 |
> | Scheduler | Job | Charge | ANY | False | 1300428369 | 1300428369 |
> | 254 | 254 |
> | Scheduler | Job | Quote | ANY | False | 1300428369 | 1300428369 |
> | 255 | 255 |
> | Scheduler | Job | Reserve | ANY | False | 1300428369 | 1300428369 |
> | 256 | 256 |
> | Scheduler | Reservation | Delete | ANY | False | 1300428369 |
> | 1300428369 | 257 | 257 |
> | OVERRIDE | Account | Balance | ANY | False | 1300428369 | 1300428369
> | | 258 | 258 |
> | Scheduler | ReservationAllocation | Delete | ANY | False |
> | 1303978505 | 1303978505 | 952 | 605 |
> +--------------+-----------------------+---------+------------+-----------+-----------------+---------------------+--------------+------------------+
> 17 rows in set (0.00 sec)
> 
> But when firing the below given command as golduser we are getting the
> error.
> golduser at cmsn0 ~]$ grmalloc -i 4
> root is not authorized to perform this function (ReservationAllocation
> Delete)
> 
> We are using Gold version 2.1.12.2. and permission of gold commands
> are
> -rwxr-xr-x. 1 root root 6262 2011-03-18 11:36 /opt/gold/bin/grmaccount
> -rwxr-xr-x. 1 root root 6608 2011-03-18 11:36 /opt/gold/bin/grmalloc
> -rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmmachine
> -rwxr-xr-x. 1 root root 6275 2011-03-18 11:36 /opt/gold/bin/grmproject
> -rwxr-xr-x. 1 root root 6525 2011-03-18 11:36 /opt/gold/bin/grmquote
> -rwxr-xr-x. 1 root root 6816 2011-03-18 11:36 /opt/gold/bin/grmres
> -rwxr-xr-x. 1 root root 6225 2011-03-18 11:36 /opt/gold/bin/grmuser
> 
> Any kind of input is much appreciated.
> 
> Thanks
> Dheeraj K V
> 
> 
> 
> _______________________________________________
> gold-users mailing list
> gold-users at supercluster.org
> http://www.supercluster.org/mailman/listinfo/gold-users
_______________________________________________
gold-users mailing list
gold-users at supercluster.org
http://www.supercluster.org/mailman/listinfo/gold-users



More information about the gold-users mailing list