Hello Cryosparc team,
I just came across the cryosparc-tools, which is a great way to interact with cryosparc and I really like it. I wanted to get the username from the user id, so i used the cryosparc.command.CommandClient to get it.
Here I realized that I do not need any authentication, unlike with the normal cryosparc.tools.CryoSPARC, and I can get full cli access to cryosparc with just knowing the license key no matter of the user invoking the script nor the machine I am working on.
When I want to connect via cryosparcm it checks for the user and the host.
Is this the intended behavior? I checked the “How to obtain a License page” in the beginning and there was not mentioned that the license key is that important to gain full access to the instance.
We use a cluster where we need to run the jobs in the user context and therefore the user invokes the cryosparcw command from within the submission script. But the cryosparcw command requires the config.sh to be readable by the user, and therefore every user that knows what he is doing is in principle able to gain full administrative access.
Is that correct and do you know a way to prevent this except for every user having to maintain their own instance on the head node? (Which is not an option btw ^^)
Best,
Markus
