[GE users] reserved ports in SGE 6.0
andy.schwierskott at sun.com
Mon Nov 22 10:22:44 GMT 2004
> I noticed that the install scripts for SGE 6.0u1 claim to support the
> '-resport' option, for having SGE require reserved ports. The
> 'source/security/security.html' file also refers to this option.
> Unfortunately, I couldn't find any reference to it in the install docs,
> and taking a closer look at the install scripts leads me to believe they
> mostly ignore the option.
That's a bug.
> So, did SGE 6.0 drop support for reserved ports? If so, why? Is there
> any chance at it coming back?
The reason to drop support for it was the problem that it requires switching
the user to root (from admin user) to get a socket below 1024 with the
Since qmaster (and indirectly all clients using commlib) now use multiple
threads and the euid/euid is process global it's not possible to switch
the user once the threads are initialized after startup without interfering
with the functionality of other threads.
> I've looked at the CSP option, however it's a bit of extra admin overhead
> and in my environment won't provide any additional security over what
> reserved ports would give. As such, I'd much rather go with reserved
> ports if possible.
I agree - there is an overhead but I think in terms of additional security you
can achieve it should be worth the effort for any site which needs to
address security related challenges.
On our mid-term (hopefully not long term) roadmap we want to have a better
integration with existing security infrastructures (based on LDAP). This
will allow a site to reuse the certificates without the need for setting up
a "shadow" certificate infrastructure which only can be used by Grid Engine.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Andy Schwierskott Tel: +49 (0)941 3075-200 (x60200)
N1 Grid Engine Engineering Fax: +49 (0)941 3075-222 (x60222)
Sun Microsystems GmbH
Dr.-Leo-Ritter-Str. 7 mailto:andy.schwierskott at sun.com
D-93049 Regensburg http://www.sun.com/gridware
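
The process-global effective UID described in the reply above, shown as an added example (not part of the original message and not Grid Engine code). It assumes a POSIX threads library such as glibc's; DEMO_UID and the function names are made up for illustration.

```c
/* Added example: a seteuid() made by one thread is seen by every thread. */
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define DEMO_UID ((uid_t)65534) /* assumption: conventional "nobody" uid */

struct probe { uid_t target; int rc; };

/* Stand-in for a worker thread that switches user around a bind() call. */
static void *switch_euid(void *arg) {
    struct probe *p = arg;
    p->rc = seteuid(p->target);
    return NULL;
}

/* Call seteuid() in a second thread, then read geteuid() in the caller.
 * Returns 1 if the caller's euid changed as well, 0 if it did not,
 * -1 if the switch was not permitted (for example, not started as root). */
int euid_change_leaks_to_other_threads(void) {
    uid_t before = geteuid();
    struct probe p = { DEMO_UID, -1 };
    pthread_t t;

    if (before == DEMO_UID) return -1;          /* nothing to observe */
    if (pthread_create(&t, NULL, switch_euid, &p) != 0) return -1;
    pthread_join(t, NULL);
    if (p.rc != 0) return -1;                   /* EPERM or EINVAL */

    uid_t seen_by_caller = geteuid();           /* this thread never switched */
    if (seteuid(before) != 0) return -1;        /* saved uid lets us go back */
    return seen_by_caller == DEMO_UID ? 1 : 0;
}

int main(void) {
    int r = euid_change_leaks_to_other_threads();
    if (r < 0)
        puts("seteuid not permitted here; start as root to see the effect");
    else
        printf("euid change visible in the calling thread: %s\n",
               r ? "yes" : "no");
    return 0;
}
```

When started as root, the calling thread observes the euid set by the other thread, so any thread doing file or network work during that window runs with the switched identity.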