Group accounts

Sites that run CMS jobs need to use group accounts so that at any time each grid credential is mapped to an independent local account. This is needed for security reasons, because any file in use (or produced) by a process must be accessible only to its owner. This is particularly relevant for proxies. The only exception to this rule (and it is hardly accepted by WLCG security people) is the software installation user, which is a unique account for at least CMS and LHCb.


Topic revision: r1 - 2012-04-12 - OliverGutsche