I agree with KurtBremser. In our SASGrid environment we decided to deny the x commands for sas users. All the unix commands used before was changed for SAS Programs. In some cases, you could manager exceptions creating a cfg file for some users. Besides this, our users haven't the "shell=true". This avoid the user from using ssh, sftp, and others tools. For SASWork, all sas users have the same gid ("sas"), then we can put 770 as the default permission. Don't forget that cleanwork utility should have write access to this filesystem. Regards.
... View more
