Embed Size (px)
DESCRIPTION
Niko Neufeld CERN, PH 3 Home directories Personal home directories are NFS exported to all Linux hosts and SMB exported (using Samba) to all Windows hosts Currently there is no quota, but there will be soon (default 500 MB) Access from Windows currently requires synchronization of so-called “smbpassword”. Is currently done semi-automatically behind the scenes – will be improved in the future
Citation preview
Accounts, groups, common areas in the LHCb Online Cluster
Niko NeufeldMarch 6th, 2007
Niko NeufeldCERN, PH
2
Authentication in LHCb
• Authentication is based on Kerberos 5 (domain DAQ.LHCB)
• User accounts are managed using NIS (on Unix) and Active Directory Service (ADS) on Windows
• Users have the same account on Windows and Linux (with the same home directory everywhere)
• Single sign on (same password on Linux and Windows) is achieved using pGina
Niko NeufeldCERN, PH
3
Home directories
• Personal home directories are NFS exported to all Linux hosts and SMB exported (using Samba) to all Windows hosts
• Currently there is no quota, but there will be soon (default 500 MB)
• Access from Windows currently requires synchronization of so-called “smbpassword”. Is currently done semi-automatically behind the scenes – will be improved in the future
Niko NeufeldCERN, PH
4
Groups
• Groups are used in both Windows and Linux to grant various levels of privileges
• Currently groups are modelled after the sub-systems from the ECS document + a few others
• Maybe too many – should be discussed!• Users can be members of several groups
Niko NeufeldCERN, PH
5
Currently defined groups
• admin• daq• ec• gcsb• gcse• gcsu• hc• hlt
• inf• it• lb• mu• ot• ps• r1• r2
• tca• tfc• tmu• tpu• trg• tt• ve
Niko NeufeldCERN, PH
6
Group areas
• Each group has a group area, which is also available everywhere*
• Group areas and groups together should obviate most needs for – notoriously bad – generic accounts
• Group areas can be made very large (to install entire PVSS projects (for tests etc…)
*) Currently this is missing under Windows (asap)
Niko NeufeldCERN, PH
7
Backups
• Both personal and group areas will be backed up regularly (currently not yet operational, will come this week)
Niko NeufeldCERN, PH
8
File system conventions
• Linux– home directories /home– group areas /group– local scratch area in /scratch– LHCb software (Moore etc…) /lhcb
• Windows– need to define (personally I am against drive-letters, NTFS
mounts are *much* more civilized)• Need to define
– path for local PVSS projects (or everything on network disks?)
– anything else?
