On Wed, Jun 20, 2007 at 10:54:21AM +0200, Maarten Litmaath wrote:
> Ron Trompert wrote:
>
> >Hi,
> >
> >Maybe we should be going back to the situation like it was before having
> >only one sgm account belonging to the same primary group as the rest of
> >the VO and use the sgm for what it was intended for, just installing
> >software. This is a much cleaner solution. This whole security issue
> >popped up when VOs started to (ab)use these accounts for running jobs.
>
> The "abuse" is not the point of this matter. It is the audit trail that
> gets confused when multiple DNs can be mapped to the same account.
I fail to see how pool accounts and having group writable files are
helping in the audit trail either, how can you tell who changed a file
in the sgm area if everything is supposed to be group writable?
> Of course the pool accounts only help to some extent: a hacked sgm DN
> can leave a trojan in the software area affecting the whole VO!
Or hack *all* VOs if it is dteamsgm since *all* jobs try to execute a
couple of files from the dteam software area.
> Still, there are sites insisting that shared accounts shall go away...
That would be nice but is there an improvement if all their files are
group writable?
> Comments? Opinions?
Why do we need an sgm account at all? Why don't we just rsync (or an
ssl/gsi protected version of rsync) from a VO managed server and drop
the sgm accounts all together?
Kostas Georgiou
|