Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
beat.web
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
beat
beat.web
Commits
f146761d
There was a problem fetching the pipeline summary.
Commit
f146761d
authored
8 years ago
by
André Anjos
Browse files
Options
Downloads
Patches
Plain Diff
[doc] Document how to improve security on the worker ecosystem
parent
14b639a1
No related branches found
Branches containing commit
No related tags found
Tags containing commit
1 merge request
!194
Scheduler
Pipeline
#
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
doc/admin/installation.rst
+27
-2
27 additions, 2 deletions
doc/admin/installation.rst
todo.rst
+0
-6
0 additions, 6 deletions
todo.rst
with
27 additions
and
8 deletions
doc/admin/installation.rst
+
27
−
2
View file @
f146761d
...
...
@@ -372,10 +372,35 @@ concerning these. We provide only some tips which we consider important:
- The scheduler needs read/write access to the cache directory. It does
not use the prefix directory and does not read or treat user
contributions.
contributions.
The scheduler also need access to the Django database.
- The workers need read/write access to the cache directory and read
access to the prefix directory.
access to the prefix directory. The workers also need access to the
Django database.
- The processes launched by the worker need to have similar permissions
as their worker. The user executable though, should have demoted
permissions to increase security. For example, no need to access the
Django database (or the settings file), the prefix or the cache. All is
done via the parent process. In order to implement this, the easiest is
to make sure the worker process is run by an unpriviledged user and a
group with the right access permissions, allowing it to access the
Django database (and the Django settings file), the prefix and the
cache. This will be inherited by the processes launched by the worker,
that will serve data to the processes wrapping the user code. To demote
the user process, just set the group id of the environment executable
to an unpriviledged group. This way, the following security chain is
achieved (pseudo user/groups)::
worker -> process -> environment exec(user code)
[nobody:beat] [nobody:beat] [nobody:nogroup]
It is a requirement by the BEAT platform that this process chain
belongs to the same user. Signals for stopping or killing the
applications in the chain if necessary.
If you don't do anything, then the user code will be run in a process
with the same privileges as the worker application.
* E-mail privileges: e-mailing maybe configured as part of the Django_
standard logging facilities or used to report experiment completion and
...
...
This diff is collapsed.
Click to expand it.
todo.rst
+
0
−
6
View file @
f146761d
...
...
@@ -59,9 +59,3 @@ Experiments
* Make sure to remove any spurious logs from the beat.scheduler before
introducing stdout/stderr components to the experiment view
Backend
-------
* Support for launching user process under a different user name
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
