UCSD Hadoop User and Account Mappings

This twiki is for decribing the UCSD CMS T2 Hadoop and GUMS account mappings to support the CMS experiments storage account requirements.

The overall objective in CMS is to have multiple types of privileges:

  • general users that are supported by our site in /store/user
  • groups assigned to our site, and within those groups 2-3 specially privileged user that have access to the role priorityuser.
  • dataOps for producing MC
  • phedex

All of these come with special write privileges, and all except PhEDEx? also come with special CPU access privileges. On this twiki we describe only the write access arrangement.

Table of Contents

CMS Account Mappings per GUMS Server

CMS User account Mapping Example. There are two GUMS servers, gums-2.t2.ucsd.edu for CE and gums-3.t2.ucsd.edu for SE.

Example Mappings for higher level roles and users with optional high priority role.

gums-2.t2.ucsd.edu(CE) gums-3.t2.ucsd.edu (SE)
cmsphedex cmswriter
cmsprod cmswriter
bmangano_pa bmangano
bmangano bmangano

_Note: _pa = new role in cms (priorityuser) for preferred access. See here for details.

CMS Directories and Permission examples

Directory Ownership PermissionsSorted ascending Notes
/hadoop/cms/store/user/bmangano bmangano:cmsuser rwxr-x--- rwxr-xr-x to start
/hadoop/cms/store/user/priorityuser/trackingpog/bmangano_pa bmangano:cmsuser rwxr-x--- rwxr-xr-x to start
/hadoop/cms/phedex/store/ cmswriter:cmsuser rwxr-x--- rwxr-xr-x to start


  • All users are placed in the cmsuser group
  • Hadoop honors a hidden sticky bit on directories


-- TerrenceMartin - 2009/08/28

Topic revision: r3 - 2009/09/23 - 05:16:52 - FkW
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback