Valentin Vidic wrote:
> On Tue, Jul 03, 2007 at 12:47:27PM +0300, Kyriakos Ginis wrote:
>
>>Anyway, does this affect only the lcg-CE as you mentioned in the
>>broadcasted message? What about other nodes that use lcmaps, like the
>>gLite-CE and the classic SE?
Only the LCG-CE is affected, as it gives _privileges_ to sgm/prd users.
On the Classic SE everything is group-writable anyway.
On the VOBOX every sgm user is mapped to the first (or only) sgm account
of the VO.
On the DPM the UNIX accounts are not used to obtain access rights in the
DPM name space.
On the RB and WMS the sgm/prd users do not get extra privileges.
> It seems this might affect all nodes using old edg-lcmaps (LCMAPS
> v0.0.30) packages:
>
> lcg-CE
> lcg-CE_torque
> glite-VOBOX
> glite-SE_classic
> glite-SE_dpm_disk
> glite-SE_dpm_mysql
> glite-SE_dpm_oracle
>
> Nodes using new glite-security-lcmaps (LCMAPS v1.3.6) should not be
> affected:
>
> glite-CE
> glite-WMS
>
|