Ah, I have an idea what might happen: You seem to run the GT server as another user than lackovic, e.g. as user globus. If so, and if the grid-mapfile is readable for the user globus but not to user lackovic, then you would run into this situation: The first check for a mapping is done by the user who runs the server (globus in this example). globus has read privs and things are ok, because lackovic is mapped the grid-mapfile
Later, the job is submitted as user lackovic (sudo) though, and if lackovic does not have permissions to read the grid-mapfile, then we get this error. I guess all users must have read permissions on the grid-mapfile. Martin Martin Feller wrote: > Hi Marco, > > All very strange... > If you were not in the grid-mapfile you wouldn't get that far in the job > submission. > > I see this: > > 2010-06-23 10:32:32,817 DEBUG authorization.GridMapAuthorization > [ServiceThread-73,isPermitted:181] Peer "/O=KGrid/CN=Marco Lackovic" > authorized as "lackovic" > based on gridmap file "/etc/grid-security/grid-mapfile" > 2010-06-23 10:32:32,831 DEBUG factory.ManagedJobFactoryService > [ServiceThread-73,createManagedJob:96] Entering createManagedJob() > > so the authorization check prior to the service call indicates you are mapped > in /etc/grid-security/grid-mapfile. But later on, in the submission phase of > the job: > > 2010-06-23 10:32:33,640 DEBUG exec.StateMachine > [RunQueueThread_2,runScript:2898] running script submit > 2010-06-23 10:32:33,640 DEBUG exec.JobManagerScript > [RunQueueThread_2,run:199] Executing command: > /usr/bin/sudo -H -u lackovic -S > /usr/local/globus-4.0.8/libexec/globus-gridmap-and-execute -g > /etc/grid-security/grid-mapfile > /usr/local/globus-4.0.8/libexec/globus-job-manager-script.pl -m fork -f > /usr/local/globus-4.0.8/tmp/gram_job_mgr2078824211274262568.tmp -c submit > 2010-06-23 10:32:33,668 DEBUG exec.JobManagerScript > [RunQueueThread_2,run:218] first line: null > 2010-06-23 10:32:33,670 DEBUG exec.JobManagerScript > [RunQueueThread_2,run:328] failure message: Script stderr: > lackovic is not in the grid mapfile > > (uses the same grid-mapfile) > > Can you please send me your entire grid-mapfile (maybe not to the list)? > I want to check if I can replicate something like that. > > Martin > > Marco Lackovic wrote: >> Hi Martin, >> >> On Tue, Jun 22, 2010 at 8:11 PM, Martin Feller <[email protected]> wrote: >>> I would really like to see the entire log of a job, ideally in >>> a format that is a bit easier to digest. >> Yes, you are right, sorry for that. I wasn't sure I could send >> attachments to the mailing-list. You can find the log attached to this >> message. >> >> >
