If you have a grid with multiple machines, each with a dedicated system role, should each system role get his own user? Like one user for file servers, one for auth, one for venti, and one for cpu servers. Is there any point in doing that or is it better to only use one user (bootes) on all these machines? -marco ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Mf8fd9ae58f133ff67ff1ae42 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
I'm not sure what the prevailing wisdom on this is at this time, but for whatever it may be worth[less], my own small cluster I have set up with a separate host owner per system role (one for the file server, one for the auth server, and one used by both of my CPU servers). I'm not currently using venti. On 2/10/23 3:15 AM, Marco Feichtinger wrote: > If you have a grid with multiple machines, each with a dedicated system role, > should each system role get his own user? > Like one user for file servers, one for auth, one for venti, and one for cpu servers. > Is there any point in doing that or is it better to only use one user (bootes) > on all these machines? > > -marco > ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Ma64e1cb7fc9ae382404faba9 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
> should each system role get his own user? > Like one user for file servers, one for auth, one for venti, and one for cpu > servers. > Is there any point in doing that Yes, if you share one authserver, then you'd have to use different users in order to be allowed to use different passwords. If you're fine with somebody finding out one password being able to access all your services, then it doesn't matter. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-M9d955c794ba5a3d22eca17b4 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
hiro writes: > > should each system role get his own user? > > Like one user for file servers, one for auth, one for venti, and one for = > cpu > > servers. My was has always been to have a file system user and an auth server user that are used ONLY for those roles. As for CPU servers, it really depends on how you use them. The main reason you might want to have different CPU server owners is to control access to physical hardware. E.g. I have machines that are used to control my radios via their serial and USB interfaces. For those, I don't want the "general pupulation" to have access to that hardware, so I run those servers under a userid that is distinct from the "general purpose" CPU server owner. Oh, the Pi I use for bluetooth dev work has its own host owner, for similar reasons. I'm sure there are other cases, but that's the only one where I've personally had a need for multiple host owners. --lyndon ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-Md4c6b5c3652a1888a1f863c4 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
agreed. compartmentalization might be used to have less users/passwords than servers. if two cpu servers are used interchangably for the same usecase by the same end-users, why not give them the same credentials. next time please try to quote correctly, lyndon. On 2/14/23, Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@orthanc.ca> wrote: > hiro writes: >> > should each system role get his own user? >> > Like one user for file servers, one for auth, one for venti, and one for >> cpu >> > servers. > > My was has always been to have a file system user and an auth server > user that are used ONLY for those roles. > > As for CPU servers, it really depends on how you use them. The > main reason you might want to have different CPU server owners is > to control access to physical hardware. E.g. I have machines that > are used to control my radios via their serial and USB interfaces. > For those, I don't want the "general pupulation" to have access to > that hardware, so I run those servers under a userid that is distinct > from the "general purpose" CPU server owner. > > Oh, the Pi I use for bluetooth dev work has its own host owner, > for similar reasons. > > I'm sure there are other cases, but that's the only one where I've > personally had a need for multiple host owners. > > --lyndon > ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T690e4304847a34e4-M17036caa82debd1aa65af977 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription