We used to have a local blacklist which would overrule the automatic update
of the gridmap file.
What happened to that system? That would work for anything that requires
gridmap files.
Clearly there is, and has always been, a use case for banning a single user
from a storage system; if we cannot do this then that's a bug.
Of course the user can still log in to a UI and access files with a local storage
protocol - but then you need to block that, too. Too bad GridPP does not
use GSISSH.
Cheers
--jens
-----Original Message-----
From: Testbed Support for GridPP member institutes on behalf of Alessandra Forti
Sent: Wed 07/11/2007 12:10
To: [log in to unmask]
Subject: Re: Heinz's data
Yes, this is another problem. There is no security framework as such
that works in the same way on every service.
Greig Alan Cowan wrote:
> I should add that I know one way of banning him from the SE is to remove
> him from the grid-mapfile, but this will be recreated every few hours.
> How do you actually blacklist him?
>
> On the CE there is a file /opt/edg/etc/lcas/ban_user.db, but this
> doesn't exist on DPM/dCache nodes. For sites using dCache with gPlazma,
> I think banning is possible.
>
> Greig
>
> On 07/11/07 11:50, Jensen, J (Jens) wrote:
>> Can people please check whether Heinz Stockinger has written any data
>> to their SEs.
>> I would suggest blocking but not deleting it.
>>
>> Also, I recommend that you block access to the SEs for Heinz until
>> further notice.
>>
>> From other sites, it would appear he has a preference for classic
>> SEs, but it would be good to check anyway.
>>
>> --jens
>
--
***********************************
* Alessandra Forti *
* NorthGrid Technical Coordinator *
* University of Manchester *
***********************************
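
Added example, not part of the original thread and not the local blacklist system Jens refers to: one way to re-apply a site ban list to the grid-mapfile after each automatic regeneration. It assumes the usual `"DN" account` line format and a ban list with one subject DN per line; the file paths, DNs and function names are hypothetical.

```python
import os
import shlex
import tempfile

# Constructed sample data (not from the thread): DNs and accounts are made up.
SAMPLE_GRIDMAP = '''"/C=UK/O=eScience/OU=Example/L=SiteA/CN=alice example" .dteam
"/C=CH/O=Example/CN=banned user" .dteam
"/C=UK/O=eScience/OU=Example/L=SiteB/CN=bob example" dteam001
'''
SAMPLE_BLACKLIST = '''# one subject DN per line, quotes optional
"/C=CH/O=Example/CN=banned user"
'''

def load_banned(text):
    """Parse ban-list text into a set of DNs (blank lines and # comments ignored)."""
    lines = (l.strip() for l in text.splitlines())
    return {l.strip('"') for l in lines if l and not l.startswith("#")}

def filter_gridmap(text, banned):
    """Return (kept_lines, removed) for grid-mapfile text of the form "DN" account."""
    kept, removed = [], []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            kept.append(line)
            continue
        try:
            fields = shlex.split(s)  # the quoted DN may contain spaces
        except ValueError:
            fields = []
        if len(fields) < 2:
            removed.append(s)          # malformed mapping: fail closed and drop it
        elif fields[0] in banned:
            removed.append(fields[0])  # banned DN: drop the mapping
        else:
            kept.append(line)
    return kept, removed

def apply_blacklist(gridmap_path, blacklist_path):
    """Rewrite the grid-mapfile atomically without banned DNs; return what was removed."""
    with open(blacklist_path) as f:
        banned = load_banned(f.read())
    with open(gridmap_path) as f:
        kept, removed = filter_gridmap(f.read(), banned)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(gridmap_path)))
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(kept) + "\n")
    os.chmod(tmp, os.stat(gridmap_path).st_mode & 0o777)  # keep original permissions
    os.replace(tmp, gridmap_path)  # readers never see a half-written file
    return removed
```

Because the grid-mapfile is recreated every few hours, the filter has to run after every regeneration, and it matches on the exact DN string only.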