Hi Ramon,

This was also discussed over the lcg-rollout list earlier - yes, indeed, you have to change software directory permissions, so that the group has the right permission on them. The same applies to /opt/edg/var/info/ files for software tags. I hope this will be resolved by subsequent YAIM releases...

Best regards,
Antun

-----
Antun Balaz
Research Assistant
E-mail: [log in to unmask]
Web: http://scl.phy.bg.ac.yu/
Phone: +381 11 3713152
Fax: +381 11 3162190
Scientific Computing Laboratory
Institute of Physics, Belgrade, Serbia
-----

---------- Original Message -----------
From: Ramon Bastiaans <[log in to unmask]>
To: [log in to unmask]
Sent: Wed, 6 Jun 2007 15:24:43 +0200
Subject: Re: [LCG-ROLLOUT] SAM error concerning OPS and DTEAM vo's

> Maarten Litmaath, CERN wrote:
> > The "sgm" accounts currently must have their "opssgm" group as _primary_
> > group, otherwise the VO software area becomes writable for everyone in the VO.
> >
> Doesn't one other thing remain?
>
> Once you change ownership to group opssgm, depending on permissions,
> group ops might no longer be able to read the softwaredir. Not sure
> how YAIM is supposed to do this by default, but consider the possibilities:
>
> 1) mode x75 (owner sgmgroup): softwaredir readable by all (private
>    info exposed?)
> 2) mode x70 (owner sgmgroup): softwaredir only
>    useable by sgmgroup (kind of pointless)
> 3) mode x70 (owner vogroup):
>    softwaredir writeable by entire vo (not entirely desirable either)
>
> So which one is the 'lesser evil' here then?
>
> Or perhaps I'm looking at this the wrong way.
>
> Is there anything in the VO software that should be read-protected
> from other VOs/users? Or is readable by others acceptable?
>
> Furthermore the info-tag directories ownership should be changed as
> well. I had to do this manually on our CEs.
>
> Cheers,
> - Ramon.
> --
> ing. R. Bastiaans
>
> Systems Programmer / High Performance Computing & Visualisation /
> SARA Computing and Networking Services
> Kruislaan 415 PO Box 194613
> 1098 SJ Amsterdam 1090 GP Amsterdam
> ---
> There are really only three types of people:
>
> Those who make things happen, those who watch things happen
> and those who say, "What happened?"
------- End of Original Message -------
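The three permission options listed in the quoted message, and the primary-group point it replies to, worked through as a small model of the POSIX group/other check. This is an added example, not part of the original thread or of YAIM. The account names, the assumption that the sgm account is also a secondary member of `ops`, and the use of 7 for the unspecified owner digit "x" are all constructed for illustration.

```python
from collections import namedtuple

# Constructed accounts and groups; names are assumptions, not from a real site.
Account = namedtuple("Account", "name primary_group groups")
Dir = namedtuple("Dir", "group mode")

SGM = Account("opssgm01", "opssgm", {"opssgm", "ops"})   # software manager
VO_USER = Account("ops001", "ops", {"ops"})              # ordinary VO member
OTHER_VO = Account("dteam001", "dteam", {"dteam"})       # user of another VO

def access(acct, d):
    """Rights acct gets on d, assuming acct is not the directory's owner."""
    bits = (d.mode >> 3) & 7 if d.group in acct.groups else d.mode & 7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def install(acct, mode):
    """Directory created by acct: without a setgid parent it gets acct's primary group."""
    return Dir(acct.primary_group, mode)

# The three options from the message; the owner digit "x" is shown as 7 here.
OPTIONS = {
    "1: x75, group opssgm": Dir("opssgm", 0o775),
    "2: x70, group opssgm": Dir("opssgm", 0o770),
    "3: x70, group ops": Dir("ops", 0o770),
}

def matrix():
    """Access of each sample account under each option."""
    return {label: {a.name: access(a, d) for a in (SGM, VO_USER, OTHER_VO)}
            for label, d in OPTIONS.items()}

if __name__ == "__main__":
    for label, row in matrix().items():
        print(label, row)
    # An sgm account whose primary group is the VO group creates software
    # that every VO member can write to.
    wrong_sgm = SGM._replace(primary_group="ops")
    print("sgm with primary group ops:", access(VO_USER, install(wrong_sgm, 0o775)))
```
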