[GE users] Any reason not to have all user's workstations as submit hosts?

prentice prentice at ias.edu
Wed Apr 14 16:17:23 BST 2010


reuti wrote:
> Am 12.04.2010 um 19:18 schrieb bdbaddog:
> 
>> Reuti,
>>
>> On Mon, Apr 12, 2010 at 9:05 AM, reuti <reuti at staff.uni-marburg.de> wrote:
>>> Am 12.04.2010 um 12:35 schrieb rumpelkeks:
>>>
>>>> Well, we've got a lot of things - certainly /home - on a central file
>>> I would be concerned that someone uses local root access to gain access to other users files and credentials.
>> That's how most large deployments are done.
>> (I've been at companies with up to 5k employees done this way, and
>> even allowed mounting home dir's over the WAN, which was slow of
>> course, but functional)
>> All workstations use automount to mount /home's from various fileservers.
>> There's also a noroot option on mount which won't let root access or
>> is it just write/modify non local filesystems.
> 
> But when a user has local root access, he could create a local user for the one he want to access on the cluster - just use the right ID. Are there more protections to avoid this?
> 
> -- Reuti
> 
> 

I just answered this (kinda) in a post for NFS. Don't forget there are
other ways besides NFS to share filesystems over a network that are much
more secure than NFS. I'm not a network filesystems expert, so I don't
know all the options out there, but AFS is definitely one.

-- 
Prentice

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253392

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list