-
Notifications
You must be signed in to change notification settings - Fork 107
vm access to other user
Seangchan Ryu edited this page Dec 14, 2018
·
6 revisions
> ssh [my-vm-name].cern.ch
> sqlite3 /data/srv/current/auth/frontend/users.db
Now create the role (If you want to test different roles and permission you can add more roles and give the different dn different role - i.e. - 'production-operator', 'web-service', 't0-operator', 'data-manager'
Following access for only for submitting and viewing the application. (foo role will be in default role - you can remove that)
sqlite> insert into role values (1, 'admin')
sqlite> insert into role values (2, 'production-operator')
sqlite> insert into user_group values (1, 'reqmgr')
sqlite> insert into user_group values (2, 'dataops')
# adding specific user to contact (here 'vocms0192'), but any other user information can be found in CRIC service (https://cms-cric.cern.ch/accounts/user/query/?json&preset=roles)
sqlite> insert into contact values (3, 'Service', 'vocms0192', 'vocms0192', '/DC=ch/DC=cern/OU=computers/CN=wmagent/vocms0192.cern.ch');
# for creating the request
sqlite> insert into group_responsibility values (3, 1, 1);
# for accessing and viewing applications (wmstats, etc)
sqlite> insert into group_responsibility values (3, 2, 2);
It will task an effect ~10 min if you don't restart services or you can restart the services to update this right away.
in your vm from /data directory
/data]$ /data/cfg/admin/InstallDev -s start
Instead of doing this every time, it might be better save users.db file somewhere else and copy back every time you deploy the new applications (reqmgr2, etc)
In some cases, if other developers need to access and debug some testing in your vm following instruction to do that. (Giving access to your machine with caution and when it is not needed anymore remove the access)
> ssh [my-vm-name].cern.ch
> sudo su -
# other users has to have cern account
> addusercern [other_user_id]
# give all the permission to start and stop server
> /usr/bin/visudo
or
> visudo
# add following line under
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
other_user_id ALL=(ALL) NOPASSWD: ALL