[GE users] Any reason not to have all user's workstations as submit hosts?

reuti reuti at staff.uni-marburg.de
Mon Apr 12 18:23:43 BST 2010


Am 12.04.2010 um 19:18 schrieb bdbaddog:

> Reuti,
> 
> On Mon, Apr 12, 2010 at 9:05 AM, reuti <reuti at staff.uni-marburg.de> wrote:
>> Am 12.04.2010 um 12:35 schrieb rumpelkeks:
>> 
>>> Well, we've got a lot of things - certainly /home - on a central file
>> 
>> I would be concerned that someone uses local root access to gain access to other users files and credentials.
> 
> That's how most large deployments are done.
> (I've been at companies with up to 5k employees done this way, and
> even allowed mounting home dir's over the WAN, which was slow of
> course, but functional)
> All workstations use automount to mount /home's from various fileservers.
> There's also a noroot option on mount which won't let root access or
> is it just write/modify non local filesystems.

But when a user has local root access, he could create a local user for the one he want to access on the cluster - just use the right ID. Are there more protections to avoid this?

-- Reuti


> -Bill
> 
>> 
>> -- Reuti
>> 
>> 
>>> system. Likewise, SGE is installed on a central application server. All
>>> our systems have a 'standard' environment setup, the cluster nodes are
>>> in no way treated special - so the user environment on the nodes is the
>>> same as on the workstations, with the same software/data in the same
>>> paths and all.
>>> 
>>> Tina
>>> 
>>> reuti wrote:
>>>> Hi,
>>>> 
>>>> Am 12.04.2010 um 11:51 schrieb rumpelkeks:
>>>> 
>>>>> We do that - nearly all our hosts (definitely all workstations and
>>>>> cluster nodes, and many of the servers) are submit hosts. Roughly 400 in
>>>>> total. So far, not had any problems with it; definitely not seen any
>>>>> performance (or other technical) problems.
>>>> 
>>>> how are the job(scripts) submitted? All workstations mount /home also local?
>>>> 
>>>> -- Reuti
>>>> 
>>>> 
>>>>> Tina
>>>>> 
>>>>> rayson wrote:
>>>>>> Mainly related to security.
>>>>>> 
>>>>>> Rayson
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 4/8/10, bdbaddog <bill at baddogconsulting.com> wrote:
>>>>>>> Greetings,
>>>>>>> 
>>>>>>> Is there any technical/performance reason to not have every user's
>>>>>>> desktop as a submit host?
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> -Bill
>>>>>>> 
>>>>>>> ------------------------------------------------------
>>>>>>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=252755
>>>>>>> 
>>>>>>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>>>>>> 
>>>>>> ------------------------------------------------------
>>>>>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=252758
>>>>>> 
>>>>>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>>>>> 
>>>>> 
>>>>> --
>>>>> Tina Friedrich, Computer Systems Administrator, Diamond Light Source Ltd
>>>>> Diamond House, Harwell Science and Innovation Campus - 01235 77 8442
>>>>> 
>>>>> ------------------------------------------------------
>>>>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253112
>>>>> 
>>>>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>>> 
>>>> ------------------------------------------------------
>>>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253114
>>>> 
>>>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>>>> 
>>> 
>>> 
>>> --
>>> Tina Friedrich, Computer Systems Administrator, Diamond Light Source Ltd
>>> Diamond House, Harwell Science and Innovation Campus - 01235 77 8442
>>> 
>>> ------------------------------------------------------
>>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253115
>>> 
>>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>> 
>> ------------------------------------------------------
>> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253142
>> 
>> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
>> 
> 
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253152
> 
> To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253153

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list