[Freeipa-devel] Maintaining Identity in a large cluster

Jan-Frode Myklebust janfrode at tanso.net
Fri Jun 27 09:46:53 UTC 2008


On Fri, Jun 27, 2008 at 12:03:07AM +0100, Matthew Booth wrote:
> 
> For example, descending a directory structure for which
> my user account has no privilege suddenly breaks tab completion. Not to
> mention the additional finger ache from prefixing every individual
> command with sudo.


How else will you get an audit trail for who descended a user's
directory structure, and read that user's research results? Overriding
filesystem permissions shouldn't be default-allow for sysadmins.
Prefixing by sudo lets them know they're now in secure-mode, and that
they should be extra careful not to leak anything about the files
they're seeing.

BTW: it seems it's possible to enable tab-completion for sudo, but
I haven't used it myself.

> >I don't see why users should need to change to a processing user. Why
> >can't they run as their login user ?
> 
> A job might run for 2 months, and there's a team of people who might
> start it, poke it or kill it.

We had lots of these. I know some users shared their accounts, but it
was frowned upon. And we always tried to help them set up their jobs so
that they could run the same jobs as their personal users.

Letting a group of users poke/kill each other's jobs should probably be a
feature of the batch system.

> It might also be started automatically
> (another interesting case in itself). Going back to the single machine
> analogy, imagine:
> 
> * Running a daemon as jbloggs and relying on group permissions.
> * Running database backups as jbloggs from cron, and relying on group
> permissions.
> 
> You just wouldn't do that.

I'm not relying on group permissions much, but database backups
typically run as the system user owning/running the database for
Oracle backups, but unfortunately we have a few mysql backups
that run as root. There's really no good reason why these dumps aren't
run as 'mysql'.


  -jf