NORDUGRID-MEMO-15
Configuring user access to ARC compute elements
User access to computing resources served by ARC grid-manager is configured in the arc.conf file. Several technical notes exist, describing different details of access configuration:
Please refer to the above documents if you need deep knowledge of configuration options and possibilities.
This memo offers several realistic working examples of arc.conf blocks configuring user access, depending on the use case, complete with explanations.
Map all VO members to one local user
[vo]
id="vo_1"
vo="nordugrid.org"
source="vomss://voms.ndgf.org:8443/voms/nordugrid.org"
file="/etc/grid-security/grid-mapfile"
mapped_unixid="griduser"
This configures the tool to fetch the list of all
nordugrid.org VO users from the VOMS server, store it
in the specified file, and map them all to one local UNIX ID. The
vo title must later be used in an authorisation group
that defines access rules.
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu" #get all members of vo knowarc.eu
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/testers" #get all members of vo knowarc.eu that are members of the group testers
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/Role=VO-Admin" #get all members of vo knowarc.eu that have the role VO-Admin
Note that e.g. the group "testers" should be written
/knowarc.eu/testers even though some might construe this as an
unnecessary redundancy.
Examples of useful [vo] blocks that make use of VOMS:
[vo]
id="vo_3"
vo="testers.knowarc.eu"
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/testers"
mapped_unixid="tester"
file="/etc/grid-security/grid-mapfile"
[vo]
id="vo_5"
vo="admin.knowarc.eu"
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/Role=VO-Admin"
mapped_unixid="master"
file="/etc/grid-security/grid-mapfile"
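The blocks above decide which VOMS group or role ends up on which local account, so they are worth auditing before deployment. As an added example (not part of the original memo or of ARC), this Python script lists the VOMS selector and mapped_unixid of each [vo] block and flags a selector that omits the leading VO name described in the note above. The vo_bad block and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit
# Constructed sample modelled on this memo's [vo] blocks; vo_bad omits the VO prefix.
SAMPLE = '''
[vo]
id="vo_3"
vo="testers.knowarc.eu"
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/testers"
mapped_unixid="tester"
[vo]
id="vo_5"
vo="admin.knowarc.eu"
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/knowarc.eu/Role=VO-Admin"
mapped_unixid="master"
[vo]
id="vo_bad"
vo="testers.knowarc.eu"
source="vomss://arthur.hep.lu.se:8443/voms/knowarc.eu?/testers"
mapped_unixid="tester"
'''

def parse_vo_blocks(text):
    """Return one dict of key="value" options per [vo] block."""
    blocks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):            # a new block starts here
            current = {} if line == "[vo]" else None
            if current is not None:
                blocks.append(current)
        elif current is not None:
            m = re.match(r'(\w+)="([^"]*)"', line)
            if m:
                current[m.group(1)] = m.group(2)
    return blocks

def audit(blocks):
    """Return (id, VOMS VO, selector, local account, problem or None) per block."""
    rows = []
    for b in blocks:
        url = urlsplit(b.get("source", ""))
        voms_vo = url.path.rsplit("/", 1)[-1]   # VO name that follows /voms/
        sel, problem = url.query, None          # text after "?" picks a group or role
        if url.scheme == "vomss" and sel and not (sel + "/").startswith(f"/{voms_vo}/"):
            problem = f"selector should start with /{voms_vo}"
        rows.append((b.get("id"), voms_vo, sel or "(all members)", b.get("mapped_unixid"), problem))
    return rows

print(*audit(parse_vo_blocks(SAMPLE)), sep="\n")
```

Point parse_vo_blocks at the text of a real arc.conf to get the same table for a production configuration.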