Group accounts

Sites that run CMS jobs need to use group accounts so that at any time each grid credential is mapped to an independent local account. This is needed for security reasons because any file in use (or produced) by a process must be accessible only to its owner. This is particularly relevant for proxies). The only exception to this rule (and it is hardly accepted by WLCG security people) is for the software installation user that is a unique account for at least CMS and LHCb.

Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2012-04-12 - OliverGutsche
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    CMSPublic All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback