Tags:
create new tag
, view all tags

User privileges ("sudo rights")

Many operations on an operating system require privileges. This is not done to police people or make life difficult but to protect the integrity of machines, applications and the entire cluster. Last but not least, injudicious use of privileges is the single biggest security risk. This page describes the LHCb Online policy on user privileges and the procedure to get specific privileges.

LHCb Online privilege policy

  1. Privileges are only given to personal accounts. Privileged operations, e.g.: reboot, are logged.
  2. No privileges are given on critical, central machines such as the file-servers and gateways

Standard privileges, usually only available on the machines belonging to your detector:

  1. Kill arbitrary processes
  2. Reboot machines
  3. Start/stop system services
  4. Run wireshark
  5. Run netstat, lsof

Windows specific issues

MS-Windows has a rather broken security model. The standard user rights are so limited that they allow working only in an office environment . Some workarounds have been put into place like TaskMgrAdmin and ServiceMill plus. For Windows controls PCs we add people to the Local Administrator group, if they need more rights. The coordination of the members of the Local Administrators group, such that they do not interfere with each other is the responsability of each group.

How to obtain additional privileges?

  1. Send a mail to the helpdesk stating what you want to do and which privilege you require on which machines
  2. We assume that this is ok with your commissioning or ECS coordinator

-- NikoNeufeld - 13 Jul 2009

Topic revision: r1 - 2009-07-13 - NikoNeufeld
 

TWIKI.NET
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback