LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Åke Sandgren said:
> I for one can't think a anything at all that would increase
> security by having one account / job. Examples please?
At the moment we have the concept of recycling pool accounts, i.e. after some period you delete the association to the user and make the account free again. However, as you say yourself it's very hard to do that safely, and there are lots of possible exploits. Some sites have disabled account recycling completely - but then you will eventually need an account for everyone in the grid, so a large number anyway. With an account per job you can clean up more effectively, as soon as the job ends you know that nothing should be using it so you can wipe all files and processes owned by that uid and be sure that nothing is hanging around, without having to worry about other jobs running under the same account.
Also as a more minor point, it would let you know exactly which job did something (e.g. wrote a file) in situations where at the moment you might only know which DN was used. For some things that could be useful, e.g. you might have jobs from the same user from several RBs, if an RB is compromised you want to know which one.
Stephen
|