Hello, Ryan.

We have a 'mimic' command for such support persons.  A support person may mimic 
any user in the same ${department}, as long as they are in the 
${department}-admin unix group.  This is enabled with a sudoers config line per 
dept and an SSH key per user restricted to the local cluster:

/etc/sudoers.d/mimic:
%depta-admin ALL=(%depta) /usr/bin/ssh -Y localhost
%deptb-admin ALL=(%deptb) /usr/bin/ssh -Y localhost
...

/usr/local/bin/mimic:
#!/bin/bash
MIMICUSER=${1:?You must specify a username to mimic}
shift
COMMANDS=$@
sudo -u $MIMICUSER /usr/bin/ssh -Y localhost $@

example:
jane$ mimic dick
[sudo] password for jane: 
Last login: Tue Sep 21 from blah blah
dick$ whoami
dick

I hope you find it useful!

Cheers.


On Tue 09/20/16 03:09PM EDT, Ryan Novosielski wrote:
> Does anyone have a particularly polished way of offering access to user files 
> to non-root users for the purposes of job troubleshooting or the like? We 
> have scientists that work with users to find out the more 
> software-based/user-error type of reasons that jobs won’t run (and sometimes 
> to escalate to the sysadmins), but we don’t really have a great way of doing 
> this currently.
> 
> All hints welcome. Thanks!
> 
> --
> ____
> || \\UTGERS,           
> |---------------------------*O*---------------------------
> ||_// the State        |         Ryan Novosielski - novos...@rutgers.edu
> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
> ||  \\    of NJ        | Office of Advanced Research Computing - MSB C630, 
> Newark
>     `'
> 



> _______________________________________________
> Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit 
> http://www.beowulf.org/mailman/listinfo/beowulf


-- 
Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania
Search our documentation: http://research-it.wharton.upenn.edu/about/
Subscribe to the Newsletter: http://whr.tn/ResearchNewsletterSubscribe
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf

Reply via email to