[GE users] Any reason not to have all user's workstations as submit hosts?

hawson beckerjes at mail.nih.gov
Mon Apr 12 18:28:28 BST 2010


On Mon, Apr 12, 2010 at 01:23:43PM -0400, reuti wrote:
>Am 12.04.2010 um 19:18 schrieb bdbaddog:
>
>> Reuti,
>> 
>> On Mon, Apr 12, 2010 at 9:05 AM, reuti <reuti at staff.uni-marburg.de> wrote:
>>> Am 12.04.2010 um 12:35 schrieb rumpelkeks:
>>> 
>>>> Well, we've got a lot of things - certainly /home - on a central file
>>> 
>>> I would be concerned that someone uses local root access to gain access to other users files and credentials.
>> 
>> That's how most large deployments are done.
>> (I've been at companies with up to 5k employees done this way, and
>> even allowed mounting home dir's over the WAN, which was slow of
>> course, but functional)
>> All workstations use automount to mount /home's from various fileservers.
>> There's also a noroot option on mount which won't let root access or
>> is it just write/modify non local filesystems.
>
>But when a user has local root access, he could create a local user for the one he want to access on the cluster - just use the right ID. Are there more protections to avoid this?

Why would a normal user have root on their workstation?  Furthermore,
they should prevent from getting it as well via other means, such as
booting off a CD or USB stick.

-- 
Jesse Becker
NHGRI Linux support (Digicon Contractor)

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253155

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list