Alessandra Forti wrote:
> Hi David,
>
> I know it is a security hole as it is. I was talking about the
> possibility of restricting the access to responsible people mapped to
> specific users like dteamsgm.... as Maarten was saying.
Fair enough, but the Principle of Least Privilege applies here: by
default, *no-one* should be able to run any fork jobs on my gatekeeper.
It could indeed be useful to have a mechanism by which I can easily
whitelist specific users on a case-by-case basis to help me debug
specific problems, but by default this facility should not be available
to any grid user.
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
|