Hi Ramon,
This was also discussed over the lcg-rollout list earlier - yes, indeed, you have
to change the software directory permissions, so that the group has the right
permissions on them. The same applies to the /opt/edg/var/info/ files for software
tags. I hope this will be resolved by subsequent YAIM releases...
Best regards, Antun
-----
Antun Balaz
Research Assistant
E-mail: [log in to unmask]
Web: http://scl.phy.bg.ac.yu/
Phone: +381 11 3713152
Fax: +381 11 3162190
Scientific Computing Laboratory
Institute of Physics, Belgrade, Serbia
-----
---------- Original Message -----------
From: Ramon Bastiaans <[log in to unmask]>
To: [log in to unmask]
Sent: Wed, 6 Jun 2007 15:24:43 +0200
Subject: Re: [LCG-ROLLOUT] SAM error concerning OPS and DTEAM vo's
> Maarten Litmaath, CERN wrote:
> > The "sgm" accounts currently must have their "opssgm" group as _primary_
> > group, otherwise the VO software area becomes writable for everyone in the VO.
> >
> Doesn't one other thing remain?
>
> Once you change ownership to group opssgm, depending on permissions,
> group ops might no longer be able to read the softwaredir. Not sure
> how YAIM is supposed to do this by default, but consider the possibilities:
>
> 1) mode x75 (owner sgmgroup): softwaredir readable by all (private
>    info exposed?)
> 2) mode x70 (owner sgmgroup): softwaredir only useable by sgmgroup
>    (kind of pointless)
> 3) mode x70 (owner vogroup): softwaredir writeable by entire vo
>    (not entirely desirable either)
>
> So which one is the 'lesser evil' here then?
>
> Or perhaps I'm looking at this the wrong way.
>
> Is there anything in the VO software that should be read-protected
> from other VOs/users? Or is readable by others acceptable?
>
> Furthermore, the info-tag directories' ownership should be changed as
> well. I had to do this manually on our CEs.
>
> Cheers,
> - Ramon.
> --
> ing. R. Bastiaans
>
> Systems Programmer / High Performance Computing & Visualisation /
> SARA Computing and Networking Services
> Kruislaan 415 PO Box 194613
> 1098 SJ Amsterdam 1090 GP Amsterdam
> ---
> There are really only three types of people:
>
> Those who make things happen, those who watch things happen
> and those who say, "What happened?"
------- End of Original Message -------
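
The three ownership/mode combinations listed in the quoted message can be checked mechanically. The following is an added example, not part of the original thread or of YAIM: it classifies a software directory from its mode bits and group owner. The numeric GIDs are constructed placeholders, the leading "x" digit is assumed to be 7, and ordinary VO members are assumed not to belong to the sgm group.

```python
import os
import stat

def audit_mode(mode, dir_gid, sgm_gid, vo_gid):
    """Return findings for a VO software directory from its mode bits and group owner."""
    findings = []
    group_w = bool(mode & stat.S_IWGRP)
    other_rx = stat.S_IROTH | stat.S_IXOTH
    if dir_gid == vo_gid and group_w:
        # Option 3: every member of the VO can modify installed software.
        findings.append("writable by entire VO")
    if mode & stat.S_IWOTH:
        findings.append("writable by everyone")
    if dir_gid == sgm_gid:
        # Assumption: ordinary VO members are not in the sgm group,
        # so the kernel applies the "other" permission bits to them.
        if (mode & other_rx) == other_rx:
            findings.append("readable by all users")   # option 1
        else:
            findings.append("VO members cannot read")  # option 2
        if not group_w:
            findings.append("sgm group cannot write")
    return findings

def audit_path(path, sgm_gid, vo_gid):
    """Apply audit_mode to a directory on disk."""
    st = os.stat(path)
    return audit_mode(stat.S_IMODE(st.st_mode), st.st_gid, sgm_gid, vo_gid)

if __name__ == "__main__":
    OPS_GID, OPSSGM_GID = 2000, 2001  # constructed placeholder GIDs for ops / opssgm
    options = [
        ("1) 0775, group opssgm", 0o775, OPSSGM_GID),
        ("2) 0770, group opssgm", 0o770, OPSSGM_GID),
        ("3) 0770, group ops", 0o770, OPS_GID),
    ]
    for label, mode, gid in options:
        print(label, "->", audit_mode(mode, gid, OPSSGM_GID, OPS_GID))
```

On a CE, `audit_path` can be pointed at the VO software directory and the info-tag directory with the site's real GIDs for the VO and sgm groups.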