[GE users] Prevent users from running their own scripts

sanfermines sanfermines at gmail.com
Mon Feb 16 08:58:09 GMT 2009


Thank you very much for your answers.

I am trying to implement the starter_method solution, but I can't find
the location of the "job script" that has been launched.

I tried to do an echo "$@" in the starter_method script but  I got
that script arg is /opt/sge/default/spool..... So I can't check where
originally that script came from.

Any ideas?

thank you very much.

On Thu, Feb 12, 2009 at 12:19 PM, reuti <reuti at staff.uni-marburg.de> wrote:
> Hi,
>
> Am 12.02.2009 um 10:06 schrieb sanfermines:
>
>> Users have access to write on some folders of the pc, so, they can
>> just create their own scripts there, and later execute them using sge.
>>
>> Is there anyway to prevent this to happen? For example, configuring
>> sge to just run scripts from a determined folder?
>
> you would have to:
>
> a) disable interactive use, as you could do anything inside the
> created shell. Then
>
> b) check the issued script, maybe in a "starter_method" in the queue
> definition, whether it's allowed to be run as the name is given to
> the starter_method as argument (like any additonal arguments).
>
> or, another option could be, to run only signed scripts:
>
> http://www.ibm.com/developerworks/linux/edu/l-dw-linux-lockdown1-
> i.html?S_TACT=105AGX03&S_CMP=EDU
>
> http://www.ibm.com/developerworks/edu/l-dw-linux-lockdown2-i.html?
> S_TACT=105AGX03&S_CMP=EDU
>
> -- Reuti
>
>
>> I have been looking for such option but I couldn't find it. I tried
>> even to chmod a script file to 644 but it stills executes.
>>
>> Thank you very much,
>>
>>
>> Ignacio
>>
>> ------------------------------------------------------
>> http://gridengine.sunsource.net/ds/viewMessage.do?
>> dsForumId=38&dsMessageId=103871
>>
>> To unsubscribe from this discussion, e-mail: [users-
>> unsubscribe at gridengine.sunsource.net].
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=103944
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=107108

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list