 |
SoftTree Technologies
Technical Support Forums
|
|
| Author |
Message |
seanc217
Joined: 23 May 2007
Posts: 272
|
|
 groups and permissions |
 |
Hi there I have a user let's say user_x.
He's a member of several groups on a linux box let's say:
dsadm dstage dropoff d3000 momentum
It appears the scheduler is only picking up the primary group and not all of the secondary groups when running the script.
When I run the following in my script...
groups > /home/srv_etl/file_scripts/d3_s1/groups.txt
I get the primary group dsadm only.
Is there a way to apply the secondary groups?
Thanks.
|
|
| Mon Jan 07, 2008 12:12 pm |
  |
 |
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7969
|
|
| |
|
Sorry, I didn't get it.
Is the job setup to run with specific user credentials? If yes, it starts a new process and then changes the user (like su command), otherwise, the job runs with the same credentials and settings that are available to the user running the scheduler process.
|
|
| Mon Jan 07, 2008 1:22 pm |
|
|
seanc217
Joined: 23 May 2007
Posts: 272
|
|
| |
|
The job is setup to run as a specific user.
In this case, the user is called srv_etl.
This user belongs to the following groups:
dsadm dstage dropoff d3000 momentum
However in my script when I put the following command in:
groups > /home/srv_etl/file_scripts/d3_s1/groups.txt
When I run the script I get an output file, but it just lists the primary group which is dsadm.
Any ideas why the secondary groups are not being applied?
It's causing my script to fail with a permission denied error when I try to access a file which the user srv_etl has rights to through the secondary groups.
The script works fine if I run it on the machine, but when I try to excute it through the scheduler it fails.
Thanks.
|
|
| Mon Jan 07, 2008 1:36 pm |
|
|
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7969
|
|
| |
|
What about the user account running the scheduler. Is that account a member of dsadm group only?
|
|
| Mon Jan 07, 2008 1:55 pm |
|
|
seanc217
Joined: 23 May 2007
Posts: 272
|
|
| |
|
The remote agent and all the scheduler instances master and angents are running as root.
|
|
| Mon Jan 07, 2008 2:03 pm |
|
|
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7969
|
|
| |
|
So this is happening on an agent computer, right?
I believe this is the way switch-user is working on your agent system and nothing can be done in the agent or scheduler settings. Please check your system docs for the behavior description of the "su" command, what it says about the effective group. Consider changing group order for that particular user, so that the group you want is listed first.
BTW, I checked generic Linux documentation and it is not clear about su behavior. Looks like there are no generic rules well documented for this gray area and different systems may implement different behavior.
|
|
| Mon Jan 07, 2008 2:21 pm |
|
|
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7969
|
|
| |
|
Minor clarification: by "listed first", I meant to say to set it as a primary group.
|
|
| Mon Jan 07, 2008 2:29 pm |
|
|
seanc217
Joined: 23 May 2007
Posts: 272
|
|
| |
|
OK thanks again for pointing me in the right direction.
There's a command in Unix/Linux called sg.
Here's the synopsis:
NAME
sg - execute command with different group ID
SYNOPSIS
sg group command
IF I execute my commands within this command it seems to work OK.
Just an fyi for anyone else that is having the same issues.
|
|
| Mon Jan 07, 2008 4:18 pm |
|
|
SysOp
Site Admin
Joined: 26 Nov 2006
Posts: 7969
|
|
| |
|
Thanks for the update. Glad you found an acceptable solution.
|
|
| Mon Jan 07, 2008 4:22 pm |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
