Kenneth, Thanks for giving me your experience with dedicated user vs group. I'm structuring a git repo that stores the various configs , etc for other admins (probably just be me doing this for a while) to build software who are members of a "easybuild" posix group.
So far it appears that directories created by EB have correct permissions (2775) based on my config options [1]. The directories under PREFIX (installdir) that the various software create do not have the correct permissions but that's okay for now, since it means to overwrite someone else's install, extra action is required (and can't be done accidentally). Thanks, - Trey [1] I created the main "installpath" as root using 'install -o root -g easybuild -m 2775 -d /apps/easybuild' [override] set-gid-bit=True sticky-bit=True umask=002 > > We've been using a dedicated user since forever, and I would > recommend > against it, since it has a couple of specific disadvantages. > > One being that the home directory (and others) quickly becomes a huge > mess of files created by the different people having access to that > account, with people stepping on each others toes unless very strict > policies are adhered to (which generally doesn't work in practice). > > Another is that it's harder to track who did what: who performed a > particular software installation, and why? > > Our intention is to shift to an 'easybuild' POSIX group, with user > support team members involved with installing software being members. > > That does require us to get the permissions right so we can install > new > versions even if someone else handled a previous version, etc. > > If we feel some support to get this right is missing, we will add it > (unless someone else has already). > > > > regards, > > Kenneth > > >
