On Tue, 17 Aug 2004, Alessandra Forti wrote: > it is obviously up to the experiment to chose... Er, the allegedly current LCG user guidelines https://edms.cern.ch/file/428036/LAST_RELEASED/LCG_Usage_Rules.pdf clearly state in section 5.8 that users shall "use their account for the sole purpose for which it was granted". I'm not sure how running jobs for (arbitrary?) end-users is the same purpose as software package maintenance. Of course, said guidelines also only refer to LCG-1, and don't refer to "software managers" at all... Where are "experiment software managers'" privileges defined anyway (I think I once saw something but I'm having trouble with the web from my laptop)? I'm not totally worried about which way this is resolved, as long as it's made clear. > It's just good practice to > keep separated the software manager user and the production ones. If not > for anything else they have different unix privileges on the software > area. Pragmatically, if the ESM is essentially doing an edg-job-submit on data sets they know, then I'm not too worried. On the other hand, if this is data sets and control files uploaded by any user through a portal somewhere then I don't think it's the way to go - I'm sure it's possible to subvert things like Orca/Cobra to run arbitrary code, and even if not it would still be contrary to the spirit of the agreement above. Henry "I've won a pair of concrete boots? And a diving holiday?" Nebrensky -- Dr. Henry Nebrensky [log in to unmask] http://www.brunel.ac.uk/~eesrjjn "The opossum is a very sophisticated animal. It doesn't even get up until 5 or 6 p.m."