 |
 |
Hi, I am quite new in LCG (Poland joined just a few days ago) so maybe I do not know all the regulations in LCG, but I think I have noticed some security problem. I have noticed that gridmapdir is not shared between CE and SE of the same site, although storage filesystem (SE:/flatfiles/SE00) is shared by all WNs by default. I know that the decision of having separate gridmapdirs was made to avoid cross-mounts problems, but unfortunatelly it leads to incosistencies in certificate to UID mapping in CE and SE. What I am talking about is the following situation. Imagine that you have user A and user B. The following mapping can occure: site-X-CE: A -> dteam001 B -> dteam002 site-X-SE: A -> dteam002 B -> dteam001 And now user A stores some file "important_data.dat" on site-X-SE using gridftp. So now we have file "important_data.dat" on site-X-SE owned by dteam002 user (look the mapping). OK, and meanwhile user B comes. He submits the following job to site-X-CE (so it goes to WN which has nfs access to storage) chmod 700 /flatfiles/SE00/important_data.dat Notice that he can do this because he is mapped as dteam002 on CE! And now user A wants to submit some job which uses the file, and he can't, because he is mapped as dteam001 on CE and the file is owned by dteam002 without proper permissions! So the user is unable to use his own files! There are other even more horrible consequences (like stealing higgs particle from over-enjoyed-nobel-price-candidate :) etc. ) I know that this only happens when someone (B) is very nasty, but can you assure that there will be no nasty people in large VO??? On the other hand, having gridmapdirs synchronized would allowed user to protect his important data by putting 700 attributes on it... Sorry for such a long and boring stuff, but do you have any coments on this problem? Cheers, Piotr