On Wed, 6 Aug 2014 at 21:55 -0000, Derrick Lin wrote:
> My cluster have several ACL type of usersets for controlling queue
> access permissions. Recently I added the functional policy to the
> cluster so I changed the type from ACL to DEPT.
I have recently been using DEPT ACLs for allowing grid engine to put
department information into the accounting file instead of
"defaultdepartment". To work, a user should be in only one DEPT ACL.
> Now I found that the queue access permission is no longer working as
> before. The access_list manual doesn't really explain the difference
> between two but I noticed:
>
> "Departments are a special form of access list that additionally
> allow assignment of functional shares and override tickets."
>
> So it seems to me DEPT can be used as ACL with the additional of
> policies.
>
> Of course I can set the userset to be both ACL AND DEPT, just not
> sure if it's expected.
We have "ACL DEPT" for the type so we can also apply the ACLs for
access control, functional shares, override tickets or other purposes
if needed in the future.
We pull depertment information from another server (Active Directory)
and have a number of changes every week. I have a small perl script
which does most of the necessary 'qconf -au' and 'qconf -du' commands.
I have not been able to find an stomic seeming method of changing the
access list type from "ACL" to "ACL DEPT". I may need to settle for a
non-atomic 'qconf -su' and write a file for input to 'qconf -Mu'.
Stuart
--
I've never been lost; I was once bewildered for three days, but never lost!
-- Daniel Boone
_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
