[GE users] Restricting Logon To Execute Nodes ..

Reuti reuti at staff.uni-marburg.de
Mon Jul 23 10:53:43 BST 2007


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]

Hi,

Am 23.07.2007 um 09:43 schrieb Graham Jenkins:

> We're facing some possible issues where ordinary users can login to a
> head node, the ssh to an execute node and run jobs there.
>
> And we tried setting user login shells on the execute nodes to:
> /sbin/nologin
>
> But that stopped Globus (and probably qsub) from working for mpich and
> other jobs.
>
> So .. does anybody have a solution for this?

I don't know about the Globus Integration (whether it will still  
work), but when you have a Tight Integration of all the parallel  
jobs, you could have a cluster without ssh or rsh at all. Another  
option (I use), is to allow ssh to the nodes only for admin staff,  
which you can enter in /etc/ssh/sshd_config ("AllowUsers reuti"). So  
noone can login there at all, besides using the granted interactive  
queue (for checking the state of the running jobs there), which I  
setup with a h_cpu limit of 60 seconds.

--  Reuti

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list