Hi Maarten,
what are the cons in deleting and recreating the whole home dir when the
account is recycled?
cheers
alessandra
On Sat, 12 Nov 2005, Maarten Litmaath, CERN wrote:
> On Fri, 11 Nov 2005, David McBride wrote:
>
>> Is there currently any mechanism that resets a pool account's home
>> directory back to its default state before reuse?
>
> Yes and no. Temporary subdirectories for jobs are cleaned up by the
> job wrapper unless the job is killed. The job wrapper will also look
> for stale job directories left behind by other jobs, and clean them up.
> The batch system may itself create a temporary directory in which the
> job wrapper is started, and clean it up afterwards. The job-related
> subdirectories ~/.globus and ~/.lcgjm and gram_* logfiles are removed
> when a pool account is recycled, but that will not happen very often
> (it does now, but in the next release it will be delayed as much as
> possible for security reasons).
>
> The job is "free" to leave any junk in the home directory or /tmp etc.
> It is hard to clean up those areas in a robust way without the use of
> a chroot'ed file system subtree for the job to run in: a WN may run two
> or more concurrent jobs for the same user, so one cannot simply remove
> all the user's files at the end of the job.
>
> In the course of next year we intend to let each job run in its own
> virtual machine (Xen) with its own file system, and then this issue
> goes away, as do a few other security concerns.
>
>> If not, why not?
>
> Because it is hard.
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
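
The concurrent-jobs point in the quoted reply is why a delete-and-recreate at recycle time needs a guard. The sketch below is an added Python example, not part of the original thread and not LCG code. The function names, the skeleton directory and the use of Linux `/proc/<pid>/status` to find the account's processes are assumptions.

```python
import os
import shutil

def account_is_busy(uid, proc_root="/proc"):
    """Return True if any process listed under proc_root has real UID `uid`."""
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        if int(line.split()[1]) == uid:   # field 1 = real UID
                            return True
                        break
        except (FileNotFoundError, ProcessLookupError):
            continue  # process exited during the scan
    return False

def reset_home(home, skel, uid, gid, proc_root="/proc"):
    """Recreate `home` from `skel` unless the account still has processes.

    Returns True if the directory was reset, False if it was left alone.
    Assumption: the caller has already stopped new jobs from being mapped
    to this account, otherwise a job can start between check and delete.
    """
    if account_is_busy(uid, proc_root):
        return False
    if os.path.islink(home):
        raise RuntimeError("home is a symlink, refusing to touch it")
    shutil.rmtree(home)                      # does not follow symlinks inside
    shutil.copytree(skel, home, symlinks=True)
    if os.geteuid() == 0:                    # ownership can only be set as root
        os.chown(home, uid, gid)
        for root, dirs, files in os.walk(home):
            for name in dirs + files:
                os.chown(os.path.join(root, name), uid, gid,
                         follow_symlinks=False)
    return True
```

Files the job left outside the home directory, such as in /tmp, are not covered by this check.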