Hi Goran,
your use case should be good, I am following up with everybody just to
know if there are any corner cases that I haven't thought about. In
your case, analytics-privatedata is part of analytics-privatedata-users so
everything will keep working :)
Luca
Il giorno mar 3 mar 2020 alle ore 19:11 Goran Milovanovic <
goran.s.milovanovic(a)gmail.com> ha scritto:
Hi Luca,
I do not understand how exactly wozld the suggested change impact my work
on the stat100* machines, but I know that I need both
- user analytics-privatedata, and
- user goransm
to be able to read and write any file in any directory in my home
directory.
Thanks.
Best,
Goran
On Tue, Mar 3, 2020, 19:06 Luca Toscano <ltoscano(a)wikimedia.org> wrote:
Hi everybody,
as part of
https://phabricator.wikimedia.org/T246578 we'd like to
enforce some basic permissions via puppet to all the home directories on
analytics clients (stat/notebooks) of analytics-privatedata-users to
$user:analytics-privatedata-users 750. For example, let's pick my home,
/home/elukey:
- it will get permissions
elukey:analytics-privatedata-users (owner:group)
- it will get permissions set to 750
I am talking about only the home directory, not its content (so the
permissions will not be applied recursively). In this way we'd like to
protect PII data that people might copy from Hadoop to the local file
system, allowing only users from analytics-privatedata-users to read
between each other home dirs.
If for any reason this change impacts your work, please let us know in
the aforementioned task. In theory this should not affect anybody, and keep
our data a little bit more safe :)
Thanks!
Luca (on behalf of the Analytics team)
_______________________________________________
Analytics mailing list
Analytics(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/analytics
_______________________________________________
Analytics mailing list
Analytics(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/analytics
_______________________________________________
Analytics mailing list
Analytics(a)lists.wikimedia.org