Luca, thank you very much. Best, Goran
On Tue, Mar 3, 2020, 19:55 Luca Toscano <[email protected]> wrote: > Hi Goran, > > your use case should be good, I am following up with everybody just to > know if there are any corner cases that I haven't thought about. In > your case, analytics-privatedata is part of analytics-privatedata-users so > everything will keep working :) > > Luca > > Il giorno mar 3 mar 2020 alle ore 19:11 Goran Milovanovic < > [email protected]> ha scritto: > >> Hi Luca, >> >> I do not understand how exactly wozld the suggested change impact my work >> on the stat100* machines, but I know that I need both >> >> - user analytics-privatedata, and >> - user goransm >> >> to be able to read and write any file in any directory in my home >> directory. >> >> Thanks. >> >> Best, >> Goran >> >> >> >> On Tue, Mar 3, 2020, 19:06 Luca Toscano <[email protected]> wrote: >> >>> Hi everybody, >>> >>> as part of https://phabricator.wikimedia.org/T246578 we'd like to >>> enforce some basic permissions via puppet to all the home directories on >>> analytics clients (stat/notebooks) of analytics-privatedata-users to >>> $user:analytics-privatedata-users 750. For example, let's pick my home, >>> /home/elukey: >>> >>> - it will get permissions >>> elukey:analytics-privatedata-users (owner:group) >>> - it will get permissions set to 750 >>> >>> I am talking about only the home directory, not its content (so the >>> permissions will not be applied recursively). In this way we'd like to >>> protect PII data that people might copy from Hadoop to the local file >>> system, allowing only users from analytics-privatedata-users to read >>> between each other home dirs. >>> >>> If for any reason this change impacts your work, please let us know in >>> the aforementioned task. In theory this should not affect anybody, and keep >>> our data a little bit more safe :) >>> >>> Thanks! >>> >>> Luca (on behalf of the Analytics team) >>> _______________________________________________ >>> Analytics mailing list >>> [email protected] >>> https://lists.wikimedia.org/mailman/listinfo/analytics >>> >> _______________________________________________ >> Analytics mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/analytics >> > _______________________________________________ > Analytics mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/analytics >
_______________________________________________ Analytics mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/analytics
