
Re: [Condor-users] Securing local filesystem access for Condor on Windows



With the setup we have it is possible for a condor job to
read/write anything that anyone else in User can. This includes
the "All Users" section of "Documents\ and\ Settings".

For instance it could remove default desktop icons!

You have to be careful.

JK

> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx]On Behalf Of Patrick Townsend
> Sent: Wednesday, November 22, 2006 12:27 PM
> To: condor-users
> Subject: [Condor-users] Securing local filesystem access for Condor
> on Windows
> 
> 
> Hi
> 
> Is it possible to restrict the access to the local filesystem that the
> Condor-reuse-vm1 account has when running a job on a Windows client?
> 
> 
> The account condor-reuse-vm1 is added to the Windows local group Users. By
> default members of this group have R access to most of the local
> filesystem. This has obvious security implications as a job can hoover up
> data from the running node's local filesystem.
> 
> We are running Condor v6.6.11. I can think of three ways round this, but am
> unclear which is best and what may get broken. Has anyone tried these or
> can offer advice on what is the best way forward?
> 1) Remove account condor-reuse-vm1 from local group Users.
> 2) Change file perms to deny access to local filesystem outside sandbox
> directory d:\condor\execute\.
> 3) Does Condor have a feature which could help in this case?
> 3) Does Condor have a feature which could help in this case?
> 
> 
> 	regards
> 		Patrick.
> 
> ---------------------------------------------------
> Patrick Townsend    -    Computer Systems Officer.
> University of Bristol.
>
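
An added example, not part of either message and not Condor code: before choosing between options 1 and 2 above, an administrator can measure what membership of the local Users group actually exposes on an execute node. The sandbox path is the one from the post; the drive roots, the scan depth, the function name and the English principal names are assumptions.

```powershell
# Added example: list directories outside the Condor sandbox where the local
# Users group (and so the condor-reuse-vm1 account, which is a member of it)
# is allowed read or write access. Run from an elevated administrator session.
param(
    [string[]]$Roots   = @('C:\', 'D:\'),        # assumed drive roots
    [string]  $Sandbox = 'D:\condor\execute',    # sandbox path from the post
    [int]     $Depth   = 2                       # -Depth needs PowerShell 5.0+
)

# Principals whose grants every member of local Users inherits
# (names as shown on an English-language Windows install: assumption).
$principals = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'
$readBits   = [System.Security.AccessControl.FileSystemRights]::ReadData
$writeBits  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete'

function Get-UsersExposure {                     # hypothetical helper name
    param([string]$Path)
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return }                             # auditor cannot read the ACL: skip
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($principals -notcontains $ace.IdentityReference.Value) { continue }
        # Inherit-only ACEs do not apply to this directory itself.
        if ($ace.PropagationFlags -band 'InheritOnly') { continue }
        $rights = $ace.FileSystemRights
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            CanRead   = [bool]($rights -band $readBits)
            CanWrite  = [bool]($rights -band $writeBits)
            Inherited = $ace.IsInherited
        }
    }
}

$dirs = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $root
    Get-ChildItem -LiteralPath $root -Directory -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $_.FullName }
}

$dirs | Where-Object { -not $_.StartsWith($Sandbox, [System.StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object { Get-UsersExposure -Path $_ } |
    Where-Object { $_.CanRead -or $_.CanWrite } |
    Sort-Object CanWrite -Descending |
    Format-Table -AutoSize
```

Rows with CanWrite set correspond to the "All Users" case raised in the reply. ACEs expressed only as generic rights are not decoded by this script.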