Hi Goran, your use case should be good, I am following up with everybody just to know if there are any corner cases that I haven't thought about. In your case, analytics-privatedata is part of analytics-privatedata-users so everything will keep working :)
Luca Il giorno mar 3 mar 2020 alle ore 19:11 Goran Milovanovic < [email protected]> ha scritto: > Hi Luca, > > I do not understand how exactly wozld the suggested change impact my work > on the stat100* machines, but I know that I need both > > - user analytics-privatedata, and > - user goransm > > to be able to read and write any file in any directory in my home > directory. > > Thanks. > > Best, > Goran > > > > On Tue, Mar 3, 2020, 19:06 Luca Toscano <[email protected]> wrote: > >> Hi everybody, >> >> as part of https://phabricator.wikimedia.org/T246578 we'd like to >> enforce some basic permissions via puppet to all the home directories on >> analytics clients (stat/notebooks) of analytics-privatedata-users to >> $user:analytics-privatedata-users 750. For example, let's pick my home, >> /home/elukey: >> >> - it will get permissions elukey:analytics-privatedata-users (owner:group) >> - it will get permissions set to 750 >> >> I am talking about only the home directory, not its content (so the >> permissions will not be applied recursively). In this way we'd like to >> protect PII data that people might copy from Hadoop to the local file >> system, allowing only users from analytics-privatedata-users to read >> between each other home dirs. >> >> If for any reason this change impacts your work, please let us know in >> the aforementioned task. In theory this should not affect anybody, and keep >> our data a little bit more safe :) >> >> Thanks! >> >> Luca (on behalf of the Analytics team) >> _______________________________________________ >> Analytics mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/analytics >> > _______________________________________________ > Analytics mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/analytics >
_______________________________________________ Analytics mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/analytics
