My 2p worth.

To run multi-user pilot jobs without setuid to root means that users all
use the same unix ID. This allows proxies to be stolen, and users to
delete one another's data, users to interfere with other users' logs, etc.
These things are not acceptable.

In my opinion Glexec with setuid to root where the identity is switched
is really the only way that it is acceptable to allow multi-user pilot
jobs.

Glexec is undergoing a security review, although this does not guarantee
that it is perfectly secure - any problems found should be addressed.

To say that sites should be forced to run with setuid to root in order
to join WLCG seems a bit much. Those sites could surely just not run
multi-user pilot jobs. I'm sure there is plenty of other work they could
do where WLCG could make good use of those resources, even if the type
of job run there is restricted.

Linda.

> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Burke, S (Stephen)
> Sent: 08 November 2007 14:54
> To: [log in to unmask]
> Subject: Re: PMB minutes and glexec
>
> Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of David Colling said:
> > I am afraid that this will be true also of Imperial ICT (which we have
> > just got access to), LeSC, UCL Central and I am not sure about the new
> > RHUL cluster. While it may be possible at the other sites they are
> > universally against it. I am not sure how London will proceed if LCG
> > really want to make this mandatory.
>
> One observation is that CMS so far seem to be expressing no interest in
> pilot jobs of any kind, so CMS sites could possibly be exempted quite
> easily. In principle production jobs also don't need glexec, so sites
> could be designated as production-only if there were enough of them to
> make it worthwhile.
>
> Stephen