HP StorageWorks Scalable File Share System Installation and Upgrade Guide Version 2.2
Configuring supplementary groups 9–3
9.2.1 Overview
To resolve supplementary groups, the HP SFS system must be able to access one or more user-supplied
servers that can translate or resolve a given user ID (UID) into group UIDs. The user-supplied servers are
referred to here as group servers.
When the MDS service needs to determine the groups associated with a given user UID, the following
actions take place:
1. The MDS service (in the kernel) suspends the I/O or meta-data operation that needs the group
information and then makes an upcall into user space to run the /usr/opt/hpls/bin/
hpls_groups_upcall script.
2. The hpls_groups_upcall script uses the ssh utility to run the /usr/sbin/hpls_getgroups
command on the group servers.
3. The hpls_getgroups command performs a user UID lookup and returns the result (a list of group
UIDs) to the hpls_groups_upcall script.
4. The hpls_groups_upcall script passes the information to the MDS service in the kernel.
5. The original (I/O or meta-data) operation that required the group information continues.
If Step 2 fails or times out, the hpls_groups_upcall script retries the operation on the next configured
group server. If the ssh request for a user fails on all group servers, the hpls_groups_upcall script uses
group data from the last successful operation for the user. However, if there were no previous successful
operations for the user, the hpls_groups_upcall script will be unable to resolve the group information,
and the user will receive an access denied error.
9.2.2 Setting up group servers
A group server is any host in the user's environment that can resolve group information and has the
hpls_getgroups command installed on it. Select group servers that are reliable.
Set up each of the group servers as follows:
1. Make sure that the hpls_getgroups command is available on the group server.
There are two ways to make the hpls_getgroups command available on a group server:
• Use an HP SFS client node as the group server.
The hpls_getgroups command is automatically installed as part of the HP SFS client software
kit, and will be available if the group server has been configured as an HP SFS client node.
•Copy the hpls_getgroups command from an HP SFS client node to the host that is to be a
group server.
If the host that is to be a group server is not configured as an HP SFS client node, copy the
hpls_getgroups command from an HP SFS client node and place the command in the
/usr/sbin/ directory on the host that is to be a group server. Note that, because the
hpls_getgroups command is compiled as part of the process of installing the HP SFS client
software (on HP XC client nodes, it is precompiled), you must copy the executable program from
a compatible system to the group server.
2. Select a user name under which the hpls_getgroups command will run; this does not need to be
the root user; however, note that:
• The user name under which the hpls_getgroups command will run must not include any
Lustre file system in its path.