In relation to building a Beowulf cluster, why is it necessary to create identical users on the slave nodes? If one were to create the users on the slave nodes in a different order to the order in which they were created on the master node, what problems would occur and how would one fix them?
I have been trying to find a concrete answer to this for a few hours but with no luck. Any help would be appreciate.
Probably because of SSH access/file permissions.
If one computer needs to access other it must have some sort of remote login technology, and SSH uses user names. Also if you have a file share between them, you may run into problems with file permissions when one pc writes them as one user and other tries to read them as other.
Regarding user creation, by default if you don't specify a user id your user gets the next available. In Ubuntu case, normal accounts start with UID 1000 so if you create 3 users you will get the following
USER NAME ID
user1 1000
user2 1001
user3 1002
If in a different machine you change the order, the users will have different user ids. Of course, you can avoid that providing the desired UID when you create the accounts.
I believe it is because they most likely share some sort of file system such as /home. Any shared software will need certain permissions and the permissions will correspond to a uid or groupid. If there is a user "user" on one machine with a different uid than "user" on another machine, some of the shared filesystem won't be accessible.
To fix it you would need to add the user on each machine with the specific matching uid.
When a MPI program is running in several nodes is necessary to login this nodes, write files etc. If the users is no sync between headnode and nodes you can't even to find the executable because the users permission in NFS share.
Related
I botched a DC's AD / DNS pretty bad over the course of several years (of learning experiences) to the point where I could no longer join or leave the domain with clients. I have a NAS that used to plug into AD via SMB and that is how all the users (my family) used to access their files.
I have recreated my infrastructure configuration from scratch using Windows 2016 using best practices this time around. Is there any way to easily migrate those permissions to users in a new domain/forest (that are equivalent in value to the old one)?
Could I possibly recreate the SIDs / GUIDs of the new users to match the old? I'm assuming no because they have a Windows installation-unique generated string in there.
Could I possibly do this from the NAS side without having to go through each individual's files to change ownership?
Thank you.
One tool you can use to translate permissions from original SIDs to new SIDs is Microsoft's SubInACL
SubInACL will need from you information which old SID corresponds to which new SID or username and execute translation for all data on NAS server. For example like this
subinacl /subdirectories "Z:\*.*" /replace=S-1-5-1-2-3-4-5=NEWDOMAIN\newuser
How long it will take for translation to complete depends on number of files and folders, if it's tens of thousands expect hours.
There are also other tools like SetACL or PowerShell cmdlets Get-Acl/Set-Acl
You cannot recreate objects with original SIDs and GUIDs unless you're doing restore of the AD infrastructure or cloning/migrating original identities into new ones with original SID in sidHistory attribute.
So if you're already running domain controller with NAS in newly created forest and old one suffered from issues you wanted fixed that option would be probably much more painful and it's easier to go for SID translation.
i've the following scenario:
In the company almost part of the computers works in domain. there is two admins with absolutely all permisions. Obviously, when a software is required in one of the computers one of the sysadmins must go to put his credentials and password.
So here starts the problem: with one of the admins everything works normally, but with the other user it's impossible. it says that the operation requires permissions elevation, and i insist that both users have exactly the same permissions.
Anyone have an idea what could be wrong?
thanks in advance
Let me see if I understand this. The first admin has no issues installing software, but the second admin does have issues (User Account Control Dialog box popping up). In what way have you determined they have the same permissions? Rather than answer that, just run through this checklist until you (or they) find the difference between their privileges and then correct it.
Compare the group memberships of their two accounts. One may be a Domain Admin, while the other might actually not be one, thus accounting for the UAC dialog box popping up.
If the above shows no differences, then compare a Resultant Set of Policy report between the both of them. This means when the first admin logs in, have him/her run this command: gpresult /H C:\Admin1.html
When the 2nd admin logs in, run a fresh report for him/her using gpresult /H C:\Admin2.html, then compare that to the first report, and act on any difference you see related to permissions:
I'm using Active Directory and belong to specified group. (Not an Administrator.)
I have made folder in my 'C:' and then trying to share to another group users.
But I can't. Just i can get the warning message that '~Access denied~. You did not make shared resources.'.
Is there way to take care of this problem?
Thank you~!
Sharing of resources might have been blocked by your Administrator, either get your self added in power users group / asked them to share folder for you.
If you have Administrator Access - login with that and try. other wise less privileged user can not share the resources.
I want to read exclusive-opened files on Windows on a user-specified volume.
The established way to do this is to take a VSS snapshot.
Taking a VSS snapshot generally requires administrative permissions, so my application is split into an unelevated component and a SYSTEM service. Right now, the SYSTEM service initiates the snapshot and reads its files.
So far so good - as long as the files are accessible by both the SYSTEM user and the unelevated regular user. But of course, this is different user can have different mount paths, different network shares, different file authentication, and possibly even different Bitlocker access. My approach stops working as soon as a mounted network path is selected.
How can i take a VSS snapshot, having access to all the unelevated user's file paths?
Is there a simple, quick, non-invasive windows admin task that can be performed from a java process to validate if the current process is running as administrator?
I know we could run batch commands to check if current user is member of administrator group. But there are complications of portability across Vista etc.
A simple example would be:
echo. 2> %SYSTEMROOT%\EmptyFile.txt
However, this is invasive. We dont want to create files
Any other option?
In general, you may find it a better choice to check for a specific permission rather than implying permissions from role assignments. One reason for this is that in a domain environment you may have local administrators and domain administrators. They are not necessarily equivalent. Also, even an administrator's permissions can be altered or specific file/directory permissions be "tweaked" to, for example, deny access to "localmachine\administrators".
Checking for a specific permission guarantees that, given specific user credentials, that user can or cannot perform some action, regardless of what roles they might be assigned to.
I know that doesn't answer your question, but it may help shed some light on the problem of assuming permissions from roles.