9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
* [9fans] different users for different system roles
@ 2023-02-10  8:15 Marco Feichtinger
  2023-02-10  9:30 ` Frank D. Engel, Jr.
  2023-02-10 11:19 ` hiro
  0 siblings, 2 replies; 5+ messages in thread
From: Marco Feichtinger @ 2023-02-10  8:15 UTC (permalink / raw)
  To: 9fans

If you have a grid with multiple machines, each with a dedicated system role, 
should each system role get his own user?
Like one user for file servers, one for auth, one for venti, and one for cpu servers.
Is there any point in doing that or is it better to only use one user (bootes) 
on all these machines?

-marco


------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Mf8fd9ae58f133ff67ff1ae42
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] different users for different system roles
  2023-02-10  8:15 [9fans] different users for different system roles Marco Feichtinger
@ 2023-02-10  9:30 ` Frank D. Engel, Jr.
  2023-02-10 11:19 ` hiro
  1 sibling, 0 replies; 5+ messages in thread
From: Frank D. Engel, Jr. @ 2023-02-10  9:30 UTC (permalink / raw)
  To: 9fans

I'm not sure what the prevailing wisdom on this is at this time, but for 
whatever it may be worth[less], my own small cluster I have set up with 
a separate host owner per system role (one for the file server, one for 
the auth server, and one used by both of my CPU servers).  I'm not 
currently using venti.


On 2/10/23 3:15 AM, Marco Feichtinger wrote:
> If you have a grid with multiple machines, each with a dedicated system role,
> should each system role get his own user?
> Like one user for file servers, one for auth, one for venti, and one for cpu servers.
> Is there any point in doing that or is it better to only use one user (bootes)
> on all these machines?
> 
> -marco
> 

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Ma64e1cb7fc9ae382404faba9
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] different users for different system roles
  2023-02-10  8:15 [9fans] different users for different system roles Marco Feichtinger
  2023-02-10  9:30 ` Frank D. Engel, Jr.
@ 2023-02-10 11:19 ` hiro
  2023-02-14  0:45   ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  1 sibling, 1 reply; 5+ messages in thread
From: hiro @ 2023-02-10 11:19 UTC (permalink / raw)
  To: 9fans

> should each system role get his own user?
> Like one user for file servers, one for auth, one for venti, and one for cpu
> servers.
> Is there any point in doing that

Yes, if you share one authserver, then you'd have to use different
users in order to be allowed to use different passwords. If you're
fine with somebody finding out one password being able to access all
your services, then it doesn't matter.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-M9d955c794ba5a3d22eca17b4
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] different users for different system roles
  2023-02-10 11:19 ` hiro
@ 2023-02-14  0:45   ` Lyndon Nerenberg (VE7TFX/VE6BBM)
  2023-02-14 10:54     ` hiro
  0 siblings, 1 reply; 5+ messages in thread
From: Lyndon Nerenberg (VE7TFX/VE6BBM) @ 2023-02-14  0:45 UTC (permalink / raw)
  To: 9fans, hiro

hiro writes:
> > should each system role get his own user?
> > Like one user for file servers, one for auth, one for venti, and one for =
> cpu
> > servers.

My was has always been to have a file system user and an auth server
user that are used ONLY for those roles.

As for CPU servers, it really depends on how you use them.  The
main reason you might want to have different CPU server owners is
to control access to physical hardware.  E.g. I have machines that
are used to control my radios via their serial and USB interfaces.
For those, I don't want the "general pupulation" to have access to
that hardware, so I run those servers under a userid that is distinct
from the "general purpose" CPU server owner.

Oh, the Pi I use for bluetooth dev work has its own host owner,
for similar reasons.

I'm sure there are other cases, but that's the only one where I've
personally had a need for multiple host owners.

--lyndon

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Md4c6b5c3652a1888a1f863c4
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] different users for different system roles
  2023-02-14  0:45   ` Lyndon Nerenberg (VE7TFX/VE6BBM)
@ 2023-02-14 10:54     ` hiro
  0 siblings, 0 replies; 5+ messages in thread
From: hiro @ 2023-02-14 10:54 UTC (permalink / raw)
  To: Lyndon Nerenberg (VE7TFX/VE6BBM); +Cc: 9fans

agreed. compartmentalization might be used to have less
users/passwords than servers. if two cpu servers are used
interchangably for the same usecase by the same end-users, why not
give them the same credentials.

next time please try to quote correctly, lyndon.

On 2/14/23, Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@orthanc.ca> wrote:
> hiro writes:
>> > should each system role get his own user?
>> > Like one user for file servers, one for auth, one for venti, and one for
>> cpu
>> > servers.
>
> My was has always been to have a file system user and an auth server
> user that are used ONLY for those roles.
>
> As for CPU servers, it really depends on how you use them.  The
> main reason you might want to have different CPU server owners is
> to control access to physical hardware.  E.g. I have machines that
> are used to control my radios via their serial and USB interfaces.
> For those, I don't want the "general pupulation" to have access to
> that hardware, so I run those servers under a userid that is distinct
> from the "general purpose" CPU server owner.
>
> Oh, the Pi I use for bluetooth dev work has its own host owner,
> for similar reasons.
>
> I'm sure there are other cases, but that's the only one where I've
> personally had a need for multiple host owners.
>
> --lyndon
>

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-M17036caa82debd1aa65af977
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-02-14 10:54 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-10  8:15 [9fans] different users for different system roles Marco Feichtinger
2023-02-10  9:30 ` Frank D. Engel, Jr.
2023-02-10 11:19 ` hiro
2023-02-14  0:45   ` Lyndon Nerenberg (VE7TFX/VE6BBM)
2023-02-14 10:54     ` hiro

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).