Tim Cutts wrote:
>> In article <6o505o$mra$1 at grandprime.binc.net>,
> Joseph J. King, Ph.D. <jking at mailbag.com> wrote:
>> >No special privileges are required. In fact, SeqWeb is designed
> >so that it can run as "nobody." This is a more secure
> >arrangement then having the server run as root so that it can
> >change users at login or gain access to all users' files on your
> >system.
>> That sounds fine from a security standpoint, but dreadful from an
> accounting standpoint, if I want to charge departments at my
> institution for their CPU time use. With W2H it still gets accounted
> to the individual user, because the jobs get run as that user. Is
> there any sensible accounting facility that will tie in with CPU use
> in SeqWeb?
>
SeqWeb keeps track of each researchers usage (the number of
programs run and cpu usage) and produces a formatted report with
summaries for selected time periods. In addition, it keeps track
of how the Wisconsin Package is being used.
And Francois Jeanmougin wrote:
> >> 3) What impact on system security might the web interface pose?
> >
> > Since the SeqWeb server runs as a non-privileged user and never
> > has to access files outside of the Wisconsin Package and SeqWeb,
> > it is no less secure than your average web server and CGI.
>> But then all the data is shared between SeqWeb users,
and is world readable if the server is not closed. If I manage
> two institutes (I have, and I have licences to :)), I want to keep
> some of the data protected (at least the data form the two different
> institute) because some of this data is patented or private.
>> Let me know how the user can use seqweb in such conditions?
Because all of the cached data is owned by SeqWeb, you don't have
to grant any access to any other UNIX user. SeqWeb won't, by
default, allow other users to access each others data via http.
It does allow projects to be created where the researcher that
creates the project can decide with whom they wish to share
data. In this instance, the data will be shared among the
designated researchers. If this sounds like too much power for
some of your users, SeqWeb has the site administrator decide
which users are allowed to create and participate in projects.
So you could install SeqWeb once for both institutes. Under this
arrangement you could set it up so that only SeqWeb and root can
access the SeqWeb files from UNIX which would still allow some
collaboration within and between institutes via SeqWeb.
Alternatively, you may want to install it twice (you don't need
another computer to do this or a second copy of the Wisconsin
Package). This way the truly paranoid could have SeqWeb run as
two different non-privileged users (this seems unnecessary but if
it makes you feel better, what the heck).
Regards,
Joe
--
Joseph J. King
jking at mailbag.com
madnordski - http://danenet.wicip.org/madnord/
