[Beowulf] User Support Access to User Files?
Gavin W. Burris
bug at wharton.upenn.edu
Wed Sep 21 05:29:31 PDT 2016
Hello, Ryan.
We have a 'mimic' command for such support persons. A support person may mimic any user in the same ${department}, as long as they are in the ${department}-admin unix group. This is enabled with a sudoers config line per dept and an SSH key per user restricted to the local cluster:
/etc/sudoers.d/mimic:
%depta-admin ALL=(%depta) /usr/bin/ssh -Y localhost
%deptb-admin ALL=(%deptb) /usr/bin/ssh -Y localhost
...
/usr/local/bin/mimic:
#!/bin/bash
MIMICUSER=${1:?You must specify a username to mimic}
shift
COMMANDS=$@
sudo -u $MIMICUSER /usr/bin/ssh -Y localhost $@
example:
jane$ mimic dick
[sudo] password for jane:
Last login: Tue Sep 21 from blah blah
dick$ whoami
dick
I hope you find it useful!
Cheers.
On Tue 09/20/16 03:09PM EDT, Ryan Novosielski wrote:
> Does anyone have a particularly polished way of offering access to user files to non-root users for the purposes of job troubleshooting or the like? We have scientists that work with users to find out the more software-based/user-error type of reasons that jobs won’t run (and sometimes to escalate to the sysadmins), but we don’t really have a great way of doing this currently.
>
> All hints welcome. Thanks!
>
> --
> ____
> || \\UTGERS, |---------------------------*O*---------------------------
> ||_// the State | Ryan Novosielski - novosirj at rutgers.edu
> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
> || \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark
> `'
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
--
Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania
Search our documentation: http://research-it.wharton.upenn.edu/about/
Subscribe to the Newsletter: http://whr.tn/ResearchNewsletterSubscribe
More information about the Beowulf
mailing list