Hi everybody,
as part of
https://phabricator.wikimedia.org/T246578 we'd like to enforce
some basic permissions via puppet to all the home directories on analytics
clients (stat/notebooks) of analytics-privatedata-users to
$user:analytics-privatedata-users 750. For example, let's pick my home,
/home/elukey:
- it will get permissions elukey:analytics-privatedata-users (owner:group)
- it will get permissions set to 750
I am talking about only the home directory, not its content (so the
permissions will not be applied recursively). In this way we'd like to
protect PII data that people might copy from Hadoop to the local file
system, allowing only users from analytics-privatedata-users to read
between each other home dirs.
If for any reason this change impacts your work, please let us know in the
aforementioned task. In theory this should not affect anybody, and keep our
data a little bit more safe :)
Thanks!
Luca (on behalf of the Analytics team)