
Re: [HTCondor-users] dirty AFS hook stuff?



The general solution is to create a dedicated service user and grant
this user access to users' directories via AFS ACLs. The Globus example
is a specific case of this. The problem with doing this for all of your
users' entire home directories is that a single AFS user -- the one that
all of your users are effectively running as -- has access to everything
without any authentication at all. What's the worst that could happen?
An ignorant user could run "rm -rf /" and wipe out the entire AFS
storage space. A malicious user could steal or corrupt or destroy a
rival's data or results.

You /really/ don't want to go there. You'll be much better off using NFS
automounts or a central NFS server for staging submissions.

-- 
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science
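
Added example, not part of the original post: a Python audit of captured `fs listacl` output that reports every directory where a shared service principal directly holds insert, delete, write or administer rights, after subtracting negative rights. The principal name `condor-svc`, the `example.org` cell paths and the sample ACLs are constructed assumptions; rights inherited through AFS group membership are not resolved.

```python
"""Audit captured `fs listacl` output for a shared service principal."""

# AFS rights letters: r=read l=lookup i=insert d=delete w=write k=lock a=administer
DESTRUCTIVE = set("idwa")  # rights that let the holder change or remove data or ACLs

# Constructed sample of `fs listacl` output; the paths and the "condor-svc"
# principal are hypothetical.
SAMPLE = """\
Access list for /afs/example.org/user/alice is
Normal rights:
  system:administrators rlidwka
  alice rlidwka
  condor-svc rlidwk

Access list for /afs/example.org/user/bob/submit is
Normal rights:
  bob rlidwka
  condor-svc rl
Negative rights:
  condor-svc idw
"""

def parse_listacl(text):
    """Return {path: {"normal": {principal: rights}, "negative": {...}}}."""
    acls, path, section = {}, None, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if line.startswith("Access list for ") and line.endswith(" is"):
            path = line[len("Access list for "):-len(" is")]
            acls[path] = {"normal": {}, "negative": {}}
            section = None
        elif parts == ["Normal", "rights:"]:
            section = "normal"
        elif parts == ["Negative", "rights:"]:
            section = "negative"
        elif path and section and len(parts) == 2:
            acls[path][section][parts[0]] = set(parts[1])
    return acls

def risky_grants(acls, principal):
    """List (path, rights) where the principal's direct ACL entries leave it
    with destructive rights once negative rights are subtracted."""
    findings = []
    for path, acl in acls.items():
        normal = acl["normal"].get(principal, set())
        effective = normal - acl["negative"].get(principal, set())
        if effective & DESTRUCTIVE:
            findings.append((path, "".join(sorted(effective & DESTRUCTIVE))))
    return findings

if __name__ == "__main__":
    for path, rights in risky_grants(parse_listacl(SAMPLE), "condor-svc"):
        print(f"{path}: condor-svc holds {rights}")
```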