as part of https://phabricator.wikimedia.org/T246578 we'd like to enforce some basic permissions via puppet to all the home directories on analytics clients (stat/notebooks) of analytics-privatedata-users to $user:analytics-privatedata-users 750. For example, let's pick my home, /home/elukey:

- it will get permissions elukey:analytics-privatedata-users (owner:group)

- it will get permissions set to 750

I am talking about only the home directory, not its content (so the permissions will not be applied recursively). In this way we'd like to protect PII data that people might copy from Hadoop to the local file system, allowing only users from analytics-privatedata-users to read between each other home dirs.

If for any reason this change impacts your work, please let us know in the aforementioned task. In theory this should not affect anybody, and keep our data a little bit more safe :)

Thanks!

Luca (on behalf of the Analytics team)