So here's the stuff that I sent to Ian Neilson and Pal Anderssen
about a month ago. I had come across
https://uimon.cern.ch/twiki/bin/view/LCG/SSC2
As you can see, precisely nothing has happened since then.
In fact I had even discussed it with them back in the
EGEE 4th conference in Pisa.
-----BEGIN STUFF-----
I would think it is useful to test the authorisation (access
control) and the auditing.
For the authorisation, A writes a file and sets permissions
to prevent B from reading/writing/deleting it. B makes
reasonable efforts to circumvent the access control within
the system - e.g, if the file was written with lcg-cr, B
tries to read it back with srmcp.
It is necessary to try different routes into the SE.
For auditing, which is the more obvious one, A writes a
file and challenges the site (like your jobs) to report
who had written it. Again A can try to write the file with
lcg-cr and with only srmcp.
Finally, B does some stuff to the file - reads it, overwrites
it, deletes it. Again the question for the site is: who
did what to the file, when.
-----END STUFF-----
Greig suggested in today's (storage) meeting that we start looking
into it in the storage group; after all we have the expertise with the
storage systems. I talked to Jiri at some point about automating
the ACL test via his S2 test system - if it can 'su' (in whichever
sense is appropriate), it can test access control.
I don't want us to spend too much time on it, but two useful
things could come out of it: (a) scriptable tests that test
whether access controls work, and (b) a howto for sites responding
to naughty stuff happening to their SEs. And (c) a guide to users
on managing access control in SEs (whether it's supported for example).
Er, that was three things.
Cheers,
--jens
|