- Output of Grid jobs running at GU-Scotgrid can now be sent straight to the departmental (i.e. non-Grid enabled) storage, in turn making it accessible to users' desktop machines.
- Access to the GU-ScotGrid UI is now with a familiar departmental username, rather than an arbitrarily assigned 'glaXXX' account; one less thing for new users to remember.
To protect the NFS mounted departmental storage from ne'er-do-wells, we created an additional Unix group, to which all Tier 2.5 users (and nobody else) must belong. Additionally, the permissions on the ScotGrid end of the NFS mounts are set to '750':
drwxr-x--- 2 root nfsusers 0 Mar 9 16:23 data
These steps successfully control the users who can see the departmental NFS mounts, but what about Grid jobs? Well, so long as the user's primary GID is a 'Griddy' one, their job will run, have access to the NFS mounts, and be accounted for accordingly.
No comments:
Post a Comment