On Tue, Aug 02, 2005 at 06:38:26PM +0100, Gordon, JC (John) wrote:
> So if we wanted to use LCMAPS to blacklist someone at a site, we
> couldn't do this on dCache either?
I don't think so, there is a script that looks at the grid-mapfile
and translates everything to the format that dcache uses so if someone
is in the grid-mapfile they'll get access.
It's the list of the problems with dcache in my opinion, here is a
small list:
It doesn't keep any logs about the file transfers by default.
It is running as root and it ignores file permissions:
$ edg-gridftp-ls gsiftp://gftp0442.gridpp.rl.ac.uk/root/.ssh/
authorized_keys
known_hosts
At least you can't download anything outside /pnfs/ but i consider
it a problem that i can list *any* directory in the system....
Kostas
|