[GE users] "locking down" grid machines

Ron Chen ron_chen_123 at yahoo.com
Thu May 13 00:19:24 BST 2004


If you use the default SGE rshd, then you can create
/etc/nologin and pass -i for "rsh daemon" in the
config.

If you use SGE with SSH using the integration descibed
in the HOWTO, then I let me know! I am modifying sshd,
and skip checking for /etc/nologin is one that I think
would be useful.

 -Ron

--- "Boone J. Severson" <severson at cray.com> wrote:
> Hello,
> 
> Since implementing SGE on our compute servers we've
> had a few cases 
> where people think they're just too busy to learn
> the command line 
> switches to qsub and qrsh so they just directly
> "ssh" into the machine, 
> bypassing the grid submit host and our
> complexes/hard resources configs 
> that we've got. It was ok in the beginning because
> it was just a few 
> known users, but now qmon is noting that several
> queues are being 
> disabled due to processor load when the grid is
> unaware of any users 
> being assigned to those queues.  >:(
> 
> Is there a method for locking down non-superuser
> access to a (SuSE Linux 
> 9.0) machine except for qrsh/qsub? I'm guessing our
> IS/IT group won't 
> enjoy creating customized /etc/passwd files but if
> that's the only 
> option we'll have to consider it.
> 
> Any and all input would be appreciated since I can't
> imagine this is the 
> first time "grid abuse" has happened.
> 
> Thanks,
> Boone Severson
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail:
> users-help at gridengine.sunsource.net
> 



	
		
__________________________________
Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'
http://movies.yahoo.com/showtimes/movie?mid=1808405861 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list