AWS deadline-cloud documentation change
Summary
Emphasized security boundary through jobRunAsUser configuration
Security assessment
Strengthens existing security documentation about privilege separation but doesn't indicate a new vulnerability. Reinforces best practices for access control.
Diff
diff --git a/deadline-cloud/latest/developerguide/worker-host.md b/deadline-cloud/latest/developerguide/worker-host.md index 30cef42b8..177672da3 100644 --- a//deadline-cloud/latest/developerguide/worker-host.md +++ b//deadline-cloud/latest/developerguide/worker-host.md @@ -191 +191 @@ This section describes the required user and group relationship between the agen -The Deadline Cloud worker agent should run as a dedicated agent-specific user on the host. You should configure the `jobRunAsUser` property of Deadline Cloud queues so that workers will run the queue jobs as a specific operating system user and group. This means you can control the shared filesystem permissions that your jobs have. It also provides as an important security boundary between your jobs and the worker agent user. +The Deadline Cloud worker agent should run as a dedicated agent-specific user on the host. You should configure the `jobRunAsUser` property of Deadline Cloud queues so that workers will run the queue jobs as a specific operating system user and group. This configuration means you can control the shared filesystem permissions that your jobs have. It also provides as an important security boundary between your jobs and the worker agent user.