[GE users] "locking down" grid machines

Sean Dilda agrajag at dragaera.net
Thu May 13 14:23:34 BST 2004


On Wed, 2004-05-12 at 17:11, Boone J. Severson wrote:

> Is there a method for locking down non-superuser access to a (SuSE Linux 
> 9.0) machine except for qrsh/qsub? I'm guessing our IS/IT group won't 
> enjoy creating customized /etc/passwd files but if that's the only 
> option we'll have to consider it.

I took a bit of a different approach than the others here.  I wrote a
python script that's called regularly from cron.  This script reads
through the process info in /proc (we're a linux-only cluster) and finds
all processes with a UID above 500 that aren't a descendant of sge_execd
and kills them.

This doesn't keep users from running jobs outside of SGE, but it'll
cause problems for anyone who tries it.  I've also found that sometimes
when MPI jobs die, they don't completely die and some processes will be
left hanging around.  This helps take care of those processes as well.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list