[slurm-users] Secondary Unix group id of users not being issued in interactive srun command

Walls, Mitchell miwalls at siue.edu
Fri Jan 28 18:01:05 UTC 2022 

Do you see the uid in /sys/fs/cgroup? (i.e. find /sys/fs/cgroup -name "*71953*"). If not that could point to cgroup config.

________________________________________
From: slurm-users <slurm-users-bounces at lists.schedmd.com> on behalf of Ratnasamy, Fritz <fritz.ratnasamy at chicagobooth.edu>
Sent: Friday, January 28, 2022 11:13 AM
To: Rémi Palancher; Slurm User Community List; James Millsap
Subject: Re: [slurm-users] Secondary Unix group id of users not being issued in interactive srun command

Hi Remi,

 Yes it does return the same id. See below:
johndoe at ecolonnelli:~ $ id
uid=71953(johndoe) gid=100026(Faculty_Collab) groups=100026(Faculty_Collab),100181(ecolonnelli_access)
johndoe at ecolonnelli:~ $ id johndoe
uid=71953(johndoe) gid=100026(Faculty_Collab) groups=100026(Faculty_Collab),1000(projectsbrasil),1003(core),1549(rais),1550(rfb),1552(polconnfirms),1558(vpce),1559(rfb_all),1563(johndoe),100181(ecolonnelli_access)

Fritz Ratnasamy
Data Scientist
Information Technology
The University of Chicago
Booth School of Business
5807 S. Woodlawn
Chicago, Illinois 60637
Phone: +(1) 773-834-4556


On Fri, Jan 28, 2022 at 2:04 AM Rémi Palancher <remi at rackslab.io<mailto:remi at rackslab.io>> wrote:
Le vendredi 28 janvier 2022 à 06:56, Ratnasamy, Fritz <fritz.ratnasamy at chicagobooth.edu<mailto:fritz.ratnasamy at chicagobooth.edu>> a écrit :

> Hi,
>
> I have a similar issue as described on the following link (https://groups.google.com/g/slurm-users/c/6SnwFV-S_Nk)A machine had some existing local permissions. We have added it as a compute node to our cluster via Slurm. When running an srun interactive session on that server,it would seem that the LDAP groups shadow the local groups.
>
> johndoe at ecolonnelli:~ $ groups
>
> Faculty_Collab ecolonnelli_access #Those are LDAP groups
>
> johndoe at ecolonnelli:~ $ groups johndoe
>
> johndoe : Faculty_Collab projectsbrasil core rais rfb polconnfirms johndoe vpce rfb_all backup_johndoe ecolonnelli_access

The difference between the first and the second command could be the UID used for the resolution. The first command calls getgroups() syscall using the UID of the shell. The second command resolves johndoe UID through nsswitch stack then looks after the groups of this UID.

Do you have johndoe declared in both local /etc/passwd and LDAP directory with different UID?

Do `id` and `id johndoe` return the same UID?

--
Rémi Palancher
Rackslab: Open Source Solutions for HPC Operations
https://rackslab.io


CAUTION: This email has originated outside of University email systems. Please do not click links or open attachments unless you recognize the sender and trust the contents as safe.

More information about the slurm-users mailing list