[GE users] "locking down" grid machines

Ian Clements ian at artisan.com
Thu May 13 00:46:28 BST 2004


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]



I just did this using ssh. Depending on what version of ssh you are running, the 
line:

	 AllowUsers user1 user2 ...

 in /etc/ssh/sshd_config restrict logins to those who admin the machines. AllowGroups
can also be used. However, be aware that 'group' means primary GID (from the password
entry).

 Ian

> -----Original Message-----
> From: Ron Chen [mailto:ron_chen_123 at yahoo.com]
> Sent: Wednesday, May 12, 2004 4:19 PM
> To: users at gridengine.sunsource.net
> Subject: Re: [GE users] "locking down" grid machines
> 
> 
> If you use the default SGE rshd, then you can create
> /etc/nologin and pass -i for "rsh daemon" in the
> config.
> 
> If you use SGE with SSH using the integration descibed
> in the HOWTO, then I let me know! I am modifying sshd,
> and skip checking for /etc/nologin is one that I think
> would be useful.
> 
>  -Ron
> 
> --- "Boone J. Severson" <severson at cray.com> wrote:
> > Hello,
> > 
> > Since implementing SGE on our compute servers we've
> > had a few cases 
> > where people think they're just too busy to learn
> > the command line 
> > switches to qsub and qrsh so they just directly
> > "ssh" into the machine, 
> > bypassing the grid submit host and our
> > complexes/hard resources configs 
> > that we've got. It was ok in the beginning because
> > it was just a few 
> > known users, but now qmon is noting that several
> > queues are being 
> > disabled due to processor load when the grid is
> > unaware of any users 
> > being assigned to those queues.  >:(
> > 
> > Is there a method for locking down non-superuser
> > access to a (SuSE Linux 
> > 9.0) machine except for qrsh/qsub? I'm guessing our
> > IS/IT group won't 
> > enjoy creating customized /etc/passwd files but if
> > that's the only 
> > option we'll have to consider it.
> > 
> > Any and all input would be appreciated since I can't
> > imagine this is the 
> > first time "grid abuse" has happened.
> > 
> > Thanks,
> > Boone Severson
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > users-unsubscribe at gridengine.sunsource.net
> > For additional commands, e-mail:
> > users-help at gridengine.sunsource.net
> > 
> 
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Yahoo! Movies - Buy advance tickets for 'Shrek 2'
> http://movies.yahoo.com/showtimes/movie?mid=1808405861 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail: users-help at gridengine.sunsource.net
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list