Yes - we must have the DN which created/modified the file. I rather
suspect we may fail the LCG security service challenge if we cannot
say who created a susect file.
As Alessandra says - there would be all kinds of legal issues if we found
something like stolen software/child porn on the SE and could not say who
put it there.
Andrew
> -----Original Message-----
> From: GRIDPP2: Deployment and support of SRM and local storage
> management [mailto:[log in to unmask]]On Behalf Of
> Alessandra
> Forti
> Sent: 16 May 2005 14:08
> To: [log in to unmask]
> Subject: Re: Some points about the dCache gsiftp service
>
>
> Hi Steve,
>
> I don't want to create millions of accounts either and I don't want to
> touch what looks like a static file to make it dynamic. If there is a
> working mapping between a files users who created them the
> legal problems
> are solved. Is there any problem with possible deletion of files?
>
> cheers
> alessandra
>
> On Mon, 16 May 2005, Steve Traylen wrote:
>
> > On Mon, May 16, 2005 at 01:53:16PM +0100 or thereabouts,
> Alessandra Forti wrote:
> >> This is not yaim though. It is the way dcache is used, I
> was surprised as
> >> well to see everyone mapped on one account.
> >
> > The dcache.kpwd file is the file that controls the mapping, creating
> > lots of users and maintaining this file with separate accounts per
> > DN is of course possible with some adaption to scripts.
> >
> > I have a phobia to creating millions of pool accounts since it
> > takes time here to generate accounts and it is not in my realm.
> >
> > I would say I am not happy with it but I will probably sit
> tight till
> > the VOMS support comes in. If the billing logs are okay now then
> > not so bad.
> >
> > Steve
> >>
> >> cheers
> >> alessandra
> >>
> >> On Mon, 16 May 2005, owen maroney wrote:
> >>
> >>> <snip>
> >>>> So there is seemingly no record kept of who created or
> deleted which
> >>>> files... Sites may want/need to be made aware of this feature?
> >>>>
> >>>> (Although as the gsiftp door allows files to be created
> only in the
> >>>> appropriate /pnfs/<domain>/data/<VO> directory this
> doesn't seem to
> >>>> directly create a security hole)
> >>>
> >>> Though it does raise legal issues along the lines of:
> "So, who copied
> >>> this massive collection of pirated films/pirated
> music/pornography onto
> >>> our disk server?"
> >>>
> >>> --
> >>> =======================================================
> >>> Dr O J E Maroney # London Tier 2 Technical Co-ordinator
> >>>
> >>> Tel. (+44)20 759 47802
> >>>
> >>> Imperial College London
> >>> High Energy Physics Department
> >>> The Blackett Laboratory
> >>> Prince Consort Road, London, SW7 2BW
> >>> ====================================
> >>>
> >>
> >> --
> >> ********************************************
> >> * Dr Alessandra Forti *
> >> * Technical Coordinator - NorthGrid Tier2 *
> >> * http://www.hep.man.ac.uk/u/aforti *
> >> ********************************************
> >
> > --
> > Steve Traylen
> > [log in to unmask]
> > http://www.gridpp.ac.uk/
> >
>
> --
> ********************************************
> * Dr Alessandra Forti *
> * Technical Coordinator - NorthGrid Tier2 *
> * http://www.hep.man.ac.uk/u/aforti *
> ********************************************
>
|