On Tue, 17 Aug 2004, Alessandra Forti wrote:
> it is obviously up to the experiment to chose...
Er, the allegedly current LCG user guidelines
https://edms.cern.ch/file/428036/LAST_RELEASED/LCG_Usage_Rules.pdf
clearly state in section 5.8 that users shall "use their account for the
sole purpose for which it was granted".
I'm not sure how running jobs for (arbitrary?) end-users is the same
purpose as software package maintenance.
Of course, said guidelines also only refer to LCG-1, and don't refer to
"software managers" at all... Where are "experiment software managers'"
privileges defined anyway (I think I once saw something but I'm having
trouble with the web from my laptop)?
I'm not totally worried about which way this is resolved, as long as it's
made clear.
> It's just good practice to
> keep separated the software manager user and the production ones. If not
> for anything else they have different unix privileges on the software
> area.
Pragmatically, if the ESM is essentially doing an edg-job-submit on data
sets they know, then I'm not too worried. On the other hand, if this is
data sets and control files uploaded by any user through a portal
somewhere then I don't think it's the way to go - I'm sure it's possible
to subvert things like Orca/Cobra to run arbitrary code, and even if not
it would still be contrary to the spirit of the agreement above.
Henry "I've won a pair of concrete boots? And a diving holiday?" Nebrensky
--
Dr. Henry Nebrensky [log in to unmask]
http://www.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."
|