Security policy for Sigma2 infrastructure

Privileges

  • Users shall not be able to escalate their privileges by any means. Any patch or mechanism that prevents privilege escalation shall be rolled out without undue delay.

Data access and file permissions

  • Users' data are personal and private

  • Users shall not be able to access other users' home directories or scratch areas

  • Project data is private to the project and is controlled by the project lead

  • The project lead (PL) has sole discretion over access to the project, and thus to its project area.

Network access for users

  • Users shall enter the system via approved login nodes

  • Compute nodes shall not have direct access to the public internet

  • In cases where compute nodes need internet access, e.g. for license servers, this is to be documented and traceable