Folks: We have a user trying to use sacct to get his own usage data.
He is getting the error message:
sacct: error: Access/permission denied
In our slurm.conf, we have:
PrivateData=jobs
Our accounting storage is through slurmdbd, which in turn is using
MySQL. In the slurmdbd.conf file, we have:
PrivateData=accounts,users,usage,jobs
So it isn't surprising that he can't get another user's accounting
data, since he isn't running as root, slurm, or a coordinator. But
the slurmdbd.conf man page strongly suggests that a user should still
be able to get his own accounting data. Is that correct?
I briefly turned the debug level to 9 on our slurmdbd instance.
Between the messages I found there and some grepping in the source, I
am pretty sure we end up calling the function
as_mysql_jobacct_process_get_jobs, where I find this fishy code:
if (private_data & PRIVATE_DATA_JOBS) {
if (!(is_admin = is_user_min_admin_level(
mysql_conn, uid, SLURMDB_ADMIN_OPERATOR))) {
if (!is_user_any_coord(mysql_conn, &user)) {
error("Only admins/coordinators can "
"access job data");
errno = ESLURM_ACCESS_DENIED;
return NULL;
}
}
}
Hmm, no test if the perhaps the calling user is the same as, well, I
guess job_cond->userid_list (haven't traced this all through yet),
where of course userid_list has only one element...
Or do I misunderstand the man page?
--
R. Lindsay Todd, PhD email: [email protected]
Senior Systems Programmer phone: 518-276-2605
Rensselaer Polytechnic Institute fax: 518-276-2809
Troy, NY 12180-3590 WWW: http://www.rpi.edu/~toddr
The views, opinions, and judgments expressed in this message are
solely those of the author. The message contents have not been
reviewed or approved by Rensselaer.
