Hi Goran,

your use case should be good; I am following up with everybody just to know if there are any corner cases that I haven't thought about. In your case, analytics-privatedata is part of analytics-privatedata-users so everything will keep working :)

Luca

On Tue, 3 Mar 2020 at 19:11, Goran Milovanovic <goran.s.milovanovic@gmail.com> wrote:
Hi Luca,

I do not understand how exactly would the suggested change impact my work on the stat100* machines, but I know that I need both

- user analytics-privatedata, and
- user goransm

to be able to read and write any file in any directory in my home directory.

Thanks.

Best,
Goran



On Tue, Mar 3, 2020, 19:06 Luca Toscano <ltoscano@wikimedia.org> wrote:
Hi everybody,

as part of https://phabricator.wikimedia.org/T246578 we'd like to enforce some basic permissions via puppet to all the home directories on analytics clients (stat/notebooks) of analytics-privatedata-users to $user:analytics-privatedata-users 750. For example, let's pick my home, /home/elukey:

- it will get permissions elukey:analytics-privatedata-users (owner:group)
- it will get permissions set to 750

I am talking about only the home directory, not its content (so the permissions will not be applied recursively). In this way we'd like to protect PII data that people might copy from Hadoop to the local file system, allowing only users from analytics-privatedata-users to read each other's home dirs.

If for any reason this change impacts your work, please let us know in the aforementioned task. In theory this should not affect anybody, and keep our data a little bit more safe :)

Thanks!

Luca (on behalf of the Analytics team)
_______________________________________________
Analytics mailing list
Analytics@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/analytics
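
An added example, not part of the original thread and not the Analytics team's Puppet code: a read-only audit that checks the top level of each home directory against the owner:group 750 policy described in the announcement, without recursing into the contents. The function names and the sample homes are assumptions constructed for illustration; on a real host the expected uid and gid would come from `pwd.getpwnam()` and `grp.getgrnam()`.

```python
import os
import stat
import tempfile

EXPECTED_MODE = 0o750  # from the announcement: rwx owner, r-x group, nothing for others


def audit_home(path, expected_uid, expected_gid, expected_mode=EXPECTED_MODE):
    """Return a list of findings for one home directory (top level only)."""
    st = os.lstat(path)  # lstat: a symlinked home is reported, not followed
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if st.st_gid != expected_gid:
        findings.append(f"group gid {st.st_gid}, expected {expected_gid}")
    if mode != expected_mode:
        findings.append(f"mode {mode:04o}, expected {expected_mode:04o}")
    if mode & stat.S_IRWXO:
        findings.append("accessible to users outside the group")
    return findings


def audit_homes(base, expected_gid, uid_for):
    """Audit each entry directly under base; home contents are never visited."""
    report = {}
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        findings = audit_home(entry.path, uid_for(entry.name), expected_gid)
        if findings:
            report[entry.name] = findings
    return report


def demo():
    """Constructed sample: three fake homes in a temp dir owned by the current user."""
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("alice", 0o750), ("bob", 0o755), ("carol", 0o700)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)
        # Stand-ins for the real lookups: whatever gid/uid the sample dirs received.
        gid = os.lstat(os.path.join(base, "alice")).st_gid
        return audit_homes(base, gid, lambda name: os.getuid())


if __name__ == "__main__":
    for home, findings in demo().items():
        print(home, findings)
```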