Steve Traylen wrote:
>>But what is the problem with having a gridftp server running on the CE ?
>>The original question ....
Nothing just people including myself have an obsession with running
> as few services as possible. This mainly because if you let things
> get used for reasons not as planned you suddenly find some one is
> relying on it.
Plus the more services you have, open to the wide world, the more chance
you have that some combination of services (plus their potential
mis-configuration) blows a hole in the security, when each individual
service seemed secure. A gsiftp server, allowing users to upload files
to the CE, can be particularly dangerous in this regard (just get the
file permissions wrong in exactly the right place...)
There's good reasons why sysadmins don't like running excess services...
--
=======================================================
Dr O J E Maroney # London Tier 2 Technical Co-ordinator
Tel. (+44)20 759 47802
Imperial College London
High Energy Physics Department
The Blackett Laboratory
Prince Consort Road, London, SW7 2BW
====================================
|