Skip to content

vm access to other user

Seangchan Ryu edited this page Dec 14, 2018 · 6 revisions

Give access to view applications in your vm

> ssh [my-vm-name].cern.ch
> sqlite3 /data/srv/current/auth/frontend/users.db

Now create the role (If you want to test different roles and permission you can add more roles and give the different dn different role - i.e. - 'production-operator', 'web-service', 't0-operator', 'data-manager'

Following access for only for submitting and viewing the application. (foo role will be in default role - you can remove that)

sqlite> insert into role values (1, 'admin')
sqlite> insert into role values (2, 'production-operator')
sqlite> insert into user_group values (1, 'reqmgr')
sqlite> insert into user_group values (2, 'dataops')

# adding specific user to contact (here 'vocms0192'), but any other user information can be found in CRIC service (https://cms-cric.cern.ch/accounts/user/query/?json&preset=roles)

sqlite> insert into contact values (3, 'Service', 'vocms0192', 'vocms0192', '/DC=ch/DC=cern/OU=computers/CN=wmagent/vocms0192.cern.ch');

# for creating the request
sqlite> insert into group_responsibility values (3, 1, 1);

# for accessing and viewing applications (wmstats, etc)
sqlite> insert into group_responsibility values (3, 2, 2);

It will task an effect ~10 min if you don't restart services or you can restart the services to update this right away.

in your vm from /data directory

/data]$ /data/cfg/admin/InstallDev -s start

Instead of doing this every time, it might be better save users.db file somewhere else and copy back every time you deploy the new applications (reqmgr2, etc)

Give access to other developers in your vm

In some cases, if other developers need to access and debug some testing in your vm following instruction to do that. (Giving access to your machine with caution and when it is not needed anymore remove the access)

> ssh [my-vm-name].cern.ch
> sudo su -
# other users has to have cern account
> addusercern [other_user_id] 

# give all the permission to start and stop server
> /usr/bin/visudo
or
> visudo

# add following line under

   ## Same thing without a password
   # %wheel        ALL=(ALL)       NOPASSWD: ALL

   other_user_id ALL=(ALL) NOPASSWD: ALL
Clone this wiki locally