White dot for spacing only
The Dice Project


DICE Meeting 2002-10-15

Conference Suite, BP, 1100-1300

Agenda

  1. Shared working (Groups/NSU)
  2. Reviewing DICE
  3. Shared filespace
Apologies: Toby, Andrew, Richard, Julieta
Minutes: Jeremy

Decisions

  1. Shared filespace hierarchy: There will be a shared filespace hierarchy based at /group with an unrestricted structure. This will be rfe-editable

Actions summary

NB: this section includes:
  1. Actions Arising - MIS feed: check about getting data direct. (noted 2002-04-02)
    [Neil]
  2. Actions Arising - Searchable cos@inf : setup Harvester/glimpse (noted 2002-06-11)
    [Julieta]
  3. Actions Arising - MSc/Phd group: check whether new group needed. Awaiting response from Gillian and Jon (noted 2002-06-25)
    [Ken]
  4. Actions Arising - 32-bit UID: check kernel issues RH 7.1 and above. (noted 2002-08-06)
    [Alastair]
  5. Actions Arising - support email address: alternative address needed (noted 2002-08-06)
    [Chris/John]
  6. Actions Arising - client sendmail.cf: The mail team will update the client sendmail.cf to copy root mail to the rootmail list and to the mail.root value (or equivalent). (noted 2002-08-20)
    [mail team]
  7. Actions Arising - DICE environment: DICE specific elements of the environment need to be factored out. (noted 2002-09-03)
    [Craig]
  8. Actions Arising - www.automation.ucs: Roger will check with EUCS about access for key Informatics computing staff to www.automation.ucs.ed.ac.uk. (noted 2002-09-03)
    [Roger]
  9. Actions Arising - s-team internal mailing list: Chris will raise the issue in December/January (noted 2002-09-03)
    [Chris]
  10. Actions Arising - Web access control for staff: Neil and Simon will need to give further thought to a long term solution. (noted 2002-09-03)
    [Neil, Simon]
  11. Actions Arising - Access control to www.informatics: Ken will replace the current names used for staff access control with each staff member's UUN. He will inform those staff most affected. (noted 2002-09-03)
    [Ken]
  12. Actions Arising - access protocols for mail.inf: Neil will poll for comments on the dropping of insecure imap connections to mail.inf from outwith the ed.ac.uk domain. (noted 2002-09-03)
    [Neil]
  13. Actions Arising - Advice on mail folders: Chris and Morna will coordinate the writing of advice on mail folders. (noted 2002-09-03)
    [Chris, Morna]
  14. Actions Arising - Selling DICE: Benefits: Alison will direct the production of a brief document describing the benefits of moving to DICE. (noted 2002-09-03)
    [Alison]
  15. Actions Arising - Selling DICE: Mail backups: Mail on mail.inf will be backed up for longer than 30 days until there is time to discuss this at Computing Committee. (noted 2002-09-03)
    [Chris, CEG]
  16. Actions Arising - Mail bounces: further testing to identity solution (noted 2002-09-17)
    [Neil/Morna]
  17. Actions Arising - Mail folders/quotas: proposal for policy/implementation (noted 2002-09-17)
    [Mail team]
  18. Review: Presentations: Account Management Technology(noted 2002-10-15)
    [Ken]
  19. Review: Presentations: produce schedule (noted 2002-10-15)
    [Jeremy]
  20. Shared filespace: create rfe-able hierarchy (noted 2002-10-15)
    [George]
  21. Shared filespace: coordinate requirements(noted 2002-10-15)
    [Bill]

Minutes

  1. Shared working (groups/nsu)

    Users are finding problems with changes under DICE that mean that they cannot share information particularly easily. This particularly relates to not having pseudo-user accounts and associated use of a separate mailbox relating to that pseudo-user account.

    However, there is also a problem that users are used to existing solutions and assume that the only way to solve them is to continue with that approach. We need to work with users to identify what their actual needs are and identify suitable solutions. (Typically these will not be single solutions such as pseudo-user accounts.)

    With respect to mailboxes there does appear to be a technical solution whereby IMAP folders on mail.inf can be made available to more than one user. In the case where shared mailboxes are used there is, however, a danger that all mail kept centrally for history purposes will be unintentionally deleted when being collected. Users will need to be advised of the related issues.

    These sharing issues are closely connected with the issue of shared filespace --- see below for actions.

    Note on use of pseudo-user accounts:
    where a user adopts a shared identity, even if it is not an account for a real person, overall security and auditability are significantly affected. It is of course a policy decision as to how important that is. However, in the longer term DICE will move to using authenticated filesystems and at that point it becomes virtually impossible to provide a mechanism by which one user gains another account's privileges, while still being logged in as the original user. Consequently the aim is to provide suitable alternatives to the traditional use of pseudo-user accounts.

  2. Review

    We have reached a significant stage in the rollout of DICE. There are currently over 320 machines working and most sites have a significant DICE presence.

    There has been a great rush to get systems working in time for the new academic year and we now need a review. The following summary was posted before the meeting but is worth having on record:

    1. There is still a lot of DICE development work to do (indeed this will be ongoing). This includes converting existing legacy services and implementing the remaining parts of the planned core functionality (like secure filesystems), as well as new services (such as VPNs, etc). This is what we have been calling "stage 2", but it will of course happen more gradually than the "stage 1".

    2. We would like to start identifying the tasks for stage 2, but it is more important to consider stage 1 first:
      • the current stage 1 deployment has been done very quickly, and it now needs careful review:
      • we need to ensure that the stage 1 tasks are sufficiently complete to be sustainable, and provide a production quality service.
      • we want to ensure that the design and implementation of the services does indeed meet the requirements and quality that we need.
      • we need to identify the work that still needs doing to achieve the above aims.
      • we need to re-allocate effort to concentrate on these tasks with priority over other developments.

    The plan is to arrange for individual tasks to make presentations to all COs about their task, including a reasonable level of detail on implementation, and particularly where that diverges from the original design. Theses presentations will be followed by more in-depth analysis as required by those interested

    The first presentation will be on Account Management Technologies by Ken on 29 October (the meeting will be at KB).

    [ACTION: Ken]

    There will be a schedule for the remainder of the presentations presented as soon as possible.

    [ACTION: Jeremy]

  3. Shared filespace

    There have been a significant number of requests, some very pressing, for shared filespace to be made available, particularly for teaching-related purposes.

    While not all situations actually require shared filespace there are many instances, eg use of large shared datasets, where there is currently no suitable alternative.

    In principle the idea of shared filespace was already agreed (cf. 2002-06-11) but there has been no decision on the hierarchy.

    The decision was that there would be a top-level entry /group and that everything below would be pretty much free-form. This will be configurable via an rfeable file.

    [ACTION: George]

    The issue of UNIX groups was also raised as shared filespace will typically need to be in relevant groups in order to make use of it with suitable access permissions. There is an NFS limitation on the number of groups that a user can be in and still have permissions work - this limit is 8. Any groups created therefore need to be done with broad rather than specialised constituencies in mind (eg, allow data used by one particular course to be group-owned by 'staff' rather than creating a specific group for that course).

    There are still a number of different scenarios under which shared filespace will be used. The Filesystems task team will coordinate information from each site on the different requirements.

    [ACTION: Bill]
  4. Matters arising from minutes of last meeting (2002-09-17)

    There was no discussion of matters arising.

    [The following actions are Done.]

  5. Actions Arising - DICE deployment publicity: Site managers to provide (noted 2002-03-19)
    Done
  6. Actions Arising - Documentation: DICE-oriented Inf/Systems page (noted 2002-08-06)
    Done
  7. Actions Arising - Admin staff mail transition: Admin staff will be assisted to convert from legacy mail servers to mail.inf as soon as possible (noted 2002-08-20)
    Done
  8. Actions Arising - Newsgroups: what teaching newsgroups are needed. Awaiting response from Gillian. (noted 2002-07-23)
    Done
  9. amdThere is a possibility that fishsupper.inf is still suffering from amd problems. Enable full debugging on amd on fishsupper.inf. (noted 2002-09-03)
    Done
  10. Mail bounces: identity/advise affected users (noted 2002-09-17)
    Done
  11. Kernel/rpmcfg upgrade: instructions to be publicised (noted 2002-09-17)
    Done
  12. Mail bounces: install interim fix to avoid possibility of bounces (noted 2002-09-17)
    Done
  13. staff mail changeover: some redirects to be checked (noted 2002-09-17)
    Done
  14. spamassassin: liaise with EUCS over options (noted 2002-09-17)
    Done


 : Deploy : Meetings 

Mini Informatics Logo - Link to Main Informatics Page
Please contact us with any comments or corrections.
Unless explicitly stated otherwise, all material is copyright The University of Edinburgh
Spacing Line