You are here: TWiki> Online Web>UserGenericAccount (2009-07-13, NikoNeufeld)
Tags:
create new tag
, view all tags

Generic accounts

Generic accounts or operator accounts are accounts, which are used by several people in common. These people share all the resources of this account. In a well set-up system there is (almost) no need for interactive generic accounts, believe it or not. Since there is nevertheless a strong demand for these accounts the policy for getting and using one is listed here:

Advantages of generic accounts:

  • Uniform environment (can be also enforced by a group environment)
  • Single password - can be used by people without personal account
  • No problems with file permissions (can be also achieved by well written applications, scripts and some user discipline)

Disadvantages of generic accounts:

  • No auditing. It is impossible to know, who did what when.
  • Security issues (a logical consequence of the first point).
  • Applications and scripts will be badly written, because they will assume the specific setup of a generic account. This leads to non-portable, inflexible, fragile solutions

LHCb Online policy for generic accounts

  • Generic accounts must be requested with a justification (e.g. operation of a device)
  • Generic accounts must have a responsible user as a contact address for the administrators (e.g. your project leader)
  • Generic accounts are not allowed to login onto any gateway machines (this includes the webservers)
  • Generic accounts can not have any *privileges* ("sudo rights") except starting and stopping services

-- NikoNeufeld - 13 Jul 2009

Topic revision: r1 - 2009-07-13 - NikoNeufeld
 

TWIKI.NET
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback