SGE pipelines, how to manage ownership and do process accounting?

[goo...@merctech.com]

We're planning to use XNAT to launch pipelines to run on an existing SGE
cluster.

I forsee a long transistion period where users will access data, results,
and do processing both from XNAT and through the command-line. It looks
like there may be problems with the ownership of files created by XNAT,
and with accounting for CPU usage by different projects for jobs launched
by XNAT.

We currently use groups and 'project owner' logins (accounts accessible
only via sudo) to manage access to projects that should be restricted
to select users within the cluster. For example, the project "/data/tumor"
would be owner by the account "tumor", with specific users granted
read-only access via group membership. Authorized users become the
"tumor" user via sudo in order to gain write-access within "/data/tumor"
data and submit SGE jobs to process "tumor" images.

We currently use process accounting and quotas to track the CPU and
disk space used by these pseudo-users. This is part of a charge-back
mechanism to fund the cluster.


I'm curious about the recommended method to use XNAT so that pipeline
jobs are run under each project owner account and so that data created
on the filesystem (outside of XNAT) is owned by each project user login.

I'm considering:

using "sudo" to allow the xnat user to become any project user
without specifying a password

creating a wrapper (called as or within XNAT pipelines) so that
XNAT-launched jobs use "sudo" to become the project owner

Any comments?

Thanks,

Mark