CASA Consolidate Automation

Goals

  • Collect all CASA automated jobs into a few, documented user accounts.
  • Collect all CASA automated jobs onto a few, well known computers.

Requirements

  1. Automation user accounts
    1. All CASA automation must be assigned to one of three user accounts:
      1. casaadm
      2. casabld
      3. casatest
    2. Security
      1. Helpdesk may not give passwords to automated user accounts to anyone.
      2. CASA developers may have access to automation user accounts using password protected ssh keys only.
      3. Automation user accounts must be able to ssh to themselves using unprotected ssh keys.
        • casaadm -> casaadm is allowed
        • casaadm -> casabld is not allowed
        • casaadm -> casatest is not allowed
        • etc.
      4. Automation user accounts must not be able to ssh into any other user accounts.
        • This is to limit the spread of compromised user accounts in case a user account that can ssh into an automation user account is compromised.
    3. Change control
      1. Shell environments for all automation user accounts must be kept in change control.
      2. README files in each user account must describe how to update the user account shell environment.

User Accounts

casaadm

casabld

casatest

-- ScottRankin - 2012-06-25
Topic revision: r4 - 2012-07-03, ScottRankin
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NRAO Public Wiki? Send feedback