[GE users] Prevent users from running their own scripts

reuti reuti at staff.uni-marburg.de
Thu Feb 12 11:19:22 GMT 2009


Hi,

On 12.02.2009 at 10:06, sanfermines wrote:

> Users have access to write on some folders of the pc, so, they can
> just create their own scripts there, and later execute them using sge.
>
> Is there any way to prevent this from happening? For example, configuring
> sge to just run scripts from a determined folder?

you would have to:

a) disable interactive use, as you could do anything inside the  
created shell. Then

b) check the issued script, maybe in a "starter_method" in the queue
definition, whether it's allowed to be run, as the name is given to
the starter_method as argument (like any additional arguments).

or, another option could be, to run only signed scripts:

http://www.ibm.com/developerworks/linux/edu/l-dw-linux-lockdown1-i.html?S_TACT=105AGX03&S_CMP=EDU

http://www.ibm.com/developerworks/edu/l-dw-linux-lockdown2-i.html?S_TACT=105AGX03&S_CMP=EDU

-- Reuti


> I have been looking for such an option but I couldn't find it. I even
> tried to chmod a script file to 644 but it still executes.
>
> Thank you very much,
>
>
> Ignacio
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=103871
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=103944

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
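
Added example, not part of the original post and not Grid Engine's own code: a starter_method wrapper along the lines of suggestion (b) above, which refuses to start any job script that is not on an approved list. In place of a signature it compares the script's SHA-256 digest with an allowlist file (a simpler stand-in for the signed-scripts option); the allowlist path and the function names are assumptions, and `sha256sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Constructed example of a queue "starter_method" wrapper.
# ALLOWLIST is a hypothetical path: one SHA-256 hex digest per line.
# The wrapper and the allowlist must be owned by root and not writable by users.
ALLOWLIST="${ALLOWLIST:-/opt/sge/etc/approved_scripts.sha256}"

# Print the SHA-256 hex digest of the file given as $1.
script_digest() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Succeed only if $1 is a regular file whose digest is listed in $2.
# Anything unexpected (missing file, unreadable allowlist, empty digest)
# fails closed.
is_approved() {
    [ -f "$1" ] && [ -r "$2" ] || return 1
    digest=$(script_digest "$1") || return 1
    [ -n "$digest" ] || return 1
    grep -Fqx -- "$digest" "$2"
}

# The job script arrives as the first argument, its own arguments follow.
starter_main() {
    job="$1"
    if ! is_approved "$job" "$ALLOWLIST"; then
        echo "starter_method: refusing unapproved job script: $job" >&2
        return 126
    fi
    shift
    # SGE_STARTER_SHELL_PATH is set by Grid Engine for starter methods;
    # fall back to /bin/sh when the wrapper is run by hand.
    exec "${SGE_STARTER_SHELL_PATH:-/bin/sh}" "$job" "$@"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    starter_main "$@"
fi
```

Checking the content rather than the file name means the decision does not depend on where the script is stored or what it is called. As noted in (a), interactive use still has to be disabled separately.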
