...

There is no need for the VMs to be general-purpose machines. Restrictions like the following should keep the machines and other SLAC resources from being trashed without interfering with the functions we require. (Even though, in light of the 10-year RHEL6 lifetime, these restrictions are no longer crucial, it is still probably a good idea to implement most if not all of them.)

  • VMs should not have write access to any "regular" public space (space to which centrally-supported public log-in machines also have access).
  • VMs need have no access at all to SLAC user home directories.
  • Access to any device to which a VM may write should be carefully controlled and limited to selected user ids. Output from VM jobs can be copied to a public area after vetting.
  • Interactive login to VMs normally used for batch should be restricted to a small number of users (using usernames distinct from their regular SLAC usernames?): just those involved in maintenance of the VMs, and perhaps some developers if there are needs that can't be met by the dedicated interactive login VMs.
  • Interactive login to VM development machines should also be restricted: to VM maintainers and active developers.
  • VMs should only have software installed if it's required; everything else should be stripped out; in particular, no browsers and no email programs.
  • Ports which are not required should be disabled.
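
One way to check a VM against the restrictions above, as an added example that is not part of the original page or of any SLAC tooling. The mount paths, package names, port numbers and user names are all constructed placeholders standing in for site-specific values; the mount text follows the `/proc/mounts` field layout.

```python
# Added example: audit a VM against the restrictions listed above.
# Every path, package, port and user name here is a constructed placeholder.
POLICY = {
    "public_prefixes": ["/nfs/public"],      # "regular" public space (assumed path)
    "home_prefixes": ["/u/home"],            # user home directories (assumed path)
    "writable_allowed": {"/", "/scratch"},   # vetted writable mount points
    "ignore_fstypes": {"proc", "sysfs", "devtmpfs", "tmpfs"},
    "banned_packages": {"firefox", "thunderbird", "mutt"},  # browsers, email
    "allowed_ports": {22},
    "allowed_logins": {"vm-maint1", "vm-dev1"},
}

def under(path, prefixes):
    """True if path equals a prefix or lies below it (component-wise)."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def audit(mounts, packages, listening, logins, policy=POLICY):
    """Return a list of policy violations; an empty list means compliant."""
    findings = []
    for line in mounts.strip().splitlines():
        # /proc/mounts fields: device mountpoint fstype options dump pass
        _dev, mnt, fstype, opts = line.split()[:4]
        if fstype in policy["ignore_fstypes"]:
            continue
        writable = "rw" in opts.split(",")
        if under(mnt, policy["home_prefixes"]):
            findings.append(f"home directories mounted: {mnt}")
        elif writable and under(mnt, policy["public_prefixes"]):
            findings.append(f"public space writable: {mnt}")
        elif writable and mnt not in policy["writable_allowed"]:
            findings.append(f"unvetted writable mount: {mnt}")
    for pkg in sorted(set(packages) & policy["banned_packages"]):
        findings.append(f"unneeded package installed: {pkg}")
    for port in sorted(set(listening) - policy["allowed_ports"]):
        findings.append(f"unexpected listening port: {port}")
    for user in sorted(set(logins) - policy["allowed_logins"]):
        findings.append(f"login not on allowlist: {user}")
    return findings

SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
nfs1:/public /nfs/public nfs ro,nosuid 0 0
nfs1:/public/data /nfs/public/data nfs rw,nosuid 0 0
nfs2:/home /u/home nfs ro 0 0
/dev/vdb1 /scratch ext4 rw 0 0
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_MOUNTS, ["bash", "firefox"], [22, 631], ["vm-maint1", "jdoe"]):
        print("FAIL:", f)
```

A read-only mount of public space passes, while any mount of home directories fails regardless of mode, matching the "no access at all" wording above.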

...