Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] creating an initial admin user :confused:

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] creating an initial admin user :confused:

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Gagné Sébastien <>, Rob Gorrell <>, Earl Lewis <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] creating an initial admin user :confused:
  • Date: Wed, 22 May 2013 15:52:34 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

Start GSH from your UI WEB-INF/bin, try to resolve the subject by id or identifier as whatever comes from shib, and see if that specific subject is an admin…  J  could be the config in the UI isn’t the same as another place?


[appadmin@lorenzo appadmin]$ locate




[appadmin@lorenzo bin]$ cd /opt/appserv/tomcat_2v/webapps/grouper/WEB-INF/bin

[appadmin@lorenzo bin]$ ./gsh

-bash: ./gsh: Permission denied

[appadmin@lorenzo bin]$ chmod +x gsh

[appadmin@lorenzo bin]$ dos2unix gsh

dos2unix: converting file gsh to UNIX format ...

[appadmin@lorenzo bin]$ ./gsh

Type help() for instructions

gsh 0% grouperSession = GrouperSession.startRootSession();

edu.internet2.middleware.grouper.GrouperSession: 32e27397920f480f88bd38938114cc32,'GrouperSystem','application'

gsh 1% subject = SubjectFinder.findByIdOrIdentifier("", true); 

subject: id='10021368' type='person' source='pennperson' name='Michael Christopher Hyzer'

gsh 2% PrivilegeHelper.isWheelOrRoot(subject);


gsh 3% exit




From: [mailto:] On Behalf Of Gagné Sébastien
Sent: Wednesday, May 22, 2013 11:22 AM
To: Rob Gorrell; Earl Lewis
Subject: RE: [grouper-users] creating an initial admin user :confused:


AFAIK you only need to be a member of the etc:sysadmingroup, maybe the problem is your shib authentication ? Could there be a subject source mismatch between the subject in the Group and the subject that’s logged in (doubtful) ?


The logged-in user in linux that is running Grouper doesn’t have any impact here



De : [] De la part de Rob Gorrell
Envoyé : 22 mai 2013 10:45
À : Earl Lewis
Cc :
Objet : Re: [grouper-users] creating an initial admin user :confused:


No, i'm not seeing that I guess furthur confirming I've not been successful in setting myself up as an admin. I guess what I'm confused about, beyond making myself a subject and putting myself into a etc:sysadmin group, how do I tell Grouper the sysadmin group (and thus its members) be granted admin access?




On Wed, May 22, 2013 at 10:42 AM, Earl Lewis <> wrote:

Are you seeing the "Act as admin/Act as self" drop down control in the top right of the page? If so, then you are logged in as a user with admin rights. When you're logged in as an admin you should see a relatively short list of options on the left navigation pane (Explore, Search, etc…). 


If you're logged in as a regular user, or acting as yourself using the "act as…" option in the UI, then you'll see additional options in the left sidebar for managing the things that you have access to within grouper. These don't show up for admin users because presumably they have access to everything within the UI.



801-581-3635 (office)

801-554-3596 (mobile)


On 5/22/13 6:42 AM, "Rob Gorrell" <> wrote:


So I've got my initial grouper api and ui setup going... even managed to shibbolize the ui to where I'm logging in and being mapped to a grouper subject using eppn (ie, )... but of course I'm winding up as a normal user in an otherwise empty grouper install. that leaves me next to figure out how to turn my only subject into an admin user. from the documentation, so far I've edit to:

configuration.autocreate.system.groups = true
groups.wheel.use = true = etc:sysadmingroup

I've verified the etc:sysadmingroup is created and my subject () is indeed a member of it. I also see this reflected when I log into the UI. However, when I log into the UI, i don't see to have any special mojo to create groups or folders/stems in the root. from here, i'm not really sure where to go. I thought it was as merely adding a just to the group named in as the wheel group? am I having problems because my grouper subject () is not named the same as my linux user acct who's in the linux system's wheel group (rwgorrel)? where do i need to go to from here in getting my subject () setup as a full blown grouper admin?



Robert W. Gorrell
Middleware Engineer, Identity and Access Management

University of NC at Greensboro


Robert W. Gorrell
Middleware Engineer, Identity and Access Management

University of NC at Greensboro

Archive powered by MHonArc 2.6.16.

Top of Page