If you use instead groups of globus users:
Runas_Alias GPOOL=%gridpool1,%gridpool2
(with gridpool1 being groups of globus_users)
and correspondingly
globus ALL=(GPOOL)
you do not need to update the sudoers file when adding new globus
Harry
Steven Timm wrote:
Again, the below is very dangerous if the globus account is
to be used in anything grid-related, which is probably the only
reason you would need a globus account.
[r...@fcdf1x1 ~]# more /etc/sudoers
Runas_Alias GLOBUSUSERS = ALL, !root
globus ALL=(GLOBUSUSERS) \
NOPASSWD: \
/usr/local/vdt-2.0.0/globus/libexec/globus-job-manager-script.pl *
globus ALL=(GLOBUSUSERS) \
NOPASSWD: \
/usr/local/vdt-2.0.0/globus/libexec/globus-gram-local-proxy-tool *
And if you have a limited list of accounts that globus should be able
to su to, spell them out individually.
Steve
On Thu, 29 Apr 2010, Tim Edwards wrote:
On 29/04/10 07:53, vivek chal wrote:
hi all,
i have a user account named globus and i want to give it all the
administrative privileges
What is the command to do it.
As root run 'visudo' and add a line like this:
globus ALL=(ALL) NOPASSWD: ALL
This will give globus the ability to run any command as root by putting
sudo before it, without being prompted for his/her own password, eg.:
sudo service something restart
Tim
--
******************************************************************
* Harry Enke AstroGrid-D, WissGrid *
* Phone : +49-331-7499-433 *
* Email : [email protected] FAX : +49-331-7499-429 *
******************************************************************
* Astrophysikalisches Institut Potsdam (AIP) *
* D-14482 Potsdam An der Sternwarte 16 *
* Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz *
* Stiftung privaten Rechts, *
* Stiftungsverzeichnis Brandenburg: III/7-71-026 *
******************************************************************
