Monday, March 09, 2009

Tier 2.5 open for business

Today we released the long-awaited Tier 2.5 to the local punters at Glasgow. The benefits of this "halfway house" include:

  • Output of Grid jobs running at GU-Scotgrid can now be sent straight to the departmental (i.e. non-Grid enabled) storage, in turn making it accessible to users' desktop machines.
  • Access to the GU-ScotGrid UI is now with a familiar departmental username, rather than an arbitrarily assigned 'glaXXX' account; one less thing for new users to remember.

To protect the NFS mounted departmental storage from ne'er-do-wells, we created an additional Unix group, to which all Tier 2.5 users (and nobody else) must belong. Additionally, the permissions on the ScotGrid end of the NFS mounts are set to '750':

drwxr-x--- 2 root nfsusers 0 Mar 9 16:23 data

These steps successfully control the users who can see the departmental NFS mounts, but what about Grid jobs? Well, so long as the user's primary GID is a 'Griddy' one, their job will run, have access to the NFS mounts, and be accounted for accordingly.

No comments: