UCSD Hadoop User and Account Mappings
This twiki describes the UCSD CMS T2 Hadoop and GUMS account mappings that support the CMS experiment's storage account requirements.
The overall objective in CMS is to have multiple types of privileges:
- general users that are supported by our site in /store/user
- groups assigned to our site, and within those groups 2-3 specially privileged users that have access to the role priorityuser.
- dataOps for producing MC
- phedex
All of these come with special write privileges, and all except PhEDEx also come with special CPU access privileges.
On this twiki we describe only the write access arrangement.
CMS Account Mappings per GUMS Server
CMS User account Mapping Example. There are two GUMS servers, gums-2.t2.ucsd.edu for CE and gums-3.t2.ucsd.edu for SE.
Example Mappings for higher level roles and users with optional high priority role.
Note: _pa = new role in CMS (priorityuser) for preferred access. See here for details.
CMS Directories and Permission examples
| Directory | Ownership | Permissions | Notes |
| /hadoop/cms/store/user/bmangano | bmangano:cmsuser | rwxr-x--- | rwxr-xr-x to start |
| /hadoop/cms/store/user/priorityuser/trackingpog/bmangano_pa | bmangano:cmsuser | rwxr-x--- | rwxr-xr-x to start |
| /hadoop/cms/phedex/store/ | cmswriter:cmsuser | rwxr-x--- | rwxr-xr-x to start |
Notes
- All users are placed in the cmsuser group
- Hadoop honors a hidden sticky bit on directories
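
The directory table above can be turned into an automated check. The following is an added example, not part of the original twiki or the site's tooling: it audits `ls -ld` style lines against the table. It assumes the Notes column ("rwxr-xr-x to start") is the initial mode before tightening to rwxr-x---; the function names, the sample lines and the `phedex` owner in them are constructed.

```python
# Added example: audit `ls -ld` style lines against the directory table on this page.
# Each entry: path -> (owner, group, target mode, initial mode from the Notes column).
EXPECTED = {
    "/hadoop/cms/store/user/bmangano":
        ("bmangano", "cmsuser", "rwxr-x---", "rwxr-xr-x"),
    "/hadoop/cms/store/user/priorityuser/trackingpog/bmangano_pa":
        ("bmangano", "cmsuser", "rwxr-x---", "rwxr-xr-x"),
    "/hadoop/cms/phedex/store":
        ("cmswriter", "cmsuser", "rwxr-x---", "rwxr-xr-x"),
}

def parse_listing(line):
    """Split one `ls -ld` line into (mode, owner, group, path)."""
    fields = line.split()
    if len(fields) < 9 or not fields[0].startswith("d"):
        raise ValueError("not a directory listing line: %r" % line)
    # fields[0] is e.g. 'drwxr-x---' (possibly with a trailing '+' or '.')
    return fields[0][1:10], fields[2], fields[3], fields[-1].rstrip("/")

def audit(lines):
    """Return (path, issue, observed) tuples for every deviation from EXPECTED."""
    findings, seen = [], set()
    for line in lines:
        mode, owner, group, path = parse_listing(line)
        if path not in EXPECTED:
            continue
        seen.add(path)
        exp_owner, exp_group, target, initial = EXPECTED[path]
        if (owner, group) != (exp_owner, exp_group):
            findings.append((path, "ownership", "%s:%s" % (owner, group)))
        if mode == initial:
            # Still at the starting mode: "other" can read and traverse.
            findings.append((path, "initial-mode", mode))
        elif mode != target:
            findings.append((path, "mode", mode))
    for path in sorted(set(EXPECTED) - seen):
        findings.append((path, "missing", ""))
    return findings

# Constructed sample input (not captured from the UCSD site).
SAMPLE = [
    "drwxr-x--- 2 bmangano cmsuser 4096 Sep 23 2009 /hadoop/cms/store/user/bmangano",
    "drwxr-xr-x 2 bmangano cmsuser 4096 Sep 23 2009 /hadoop/cms/store/user/priorityuser/trackingpog/bmangano_pa",
    "drwxrwxr-x 2 phedex cmsuser 4096 Sep 23 2009 /hadoop/cms/phedex/store/",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A mode that shows a sticky bit (`t`) is reported as a mode mismatch, since the table lists none.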
Authors
-- TerrenceMartin - 2009/08/28
Topic revision: r3 - 2009/09/23 - 05:16:52 - FkW