-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aryeh Gregor:
. . . what permissions scheme *does* it use?
each tool has a "role" account (a sort of special user account that isn't allowed to log in). each developer is a member of the role and can 'su' to it. the tool runs under the role account, not under the individual developer's account.
there's also a seperate "project" for each tool, which allows us to do more granular resource limits than ulimit would allow.
- river.