[GE users] Any reason not to have all user's workstations as submit hosts?
ben at salilab.org
Mon Apr 12 21:12:40 BST 2010
On 04/08/2010 04:00 PM, rayson wrote:
> Mainly related to security.
> On 4/8/10, bdbaddog<bill at baddogconsulting.com> wrote:
>> Is there any technical/performance reason to not have every user's
>> desktop as a submit host?
As Reuti points out, this basically equates to giving the owners of
these workstations privileged access to your cluster; an SGE submit host
can run arbitrary code (SGE jobs) on any machine in your cluster as
*any* valid SGE user, not just the owner of the workstation. Even if you
could prevent your users from rooting the workstation and thus
impersonating any user, the network protocol between submit host and SGE
master trusts the submit host and does not require an originating port <
1024, so a cunning user can simply hack up their own SGE client and
submit jobs as any user even without rooting the box.
To at least partially solve this problem, you could deploy CSP:
Each SGE user gets their own certificate (and those don't live under
$SGE_ROOT) so you can then simply give our certificates only to the
submit hosts that need them. Thus Bob can have a submit host on his
workstation and he receives only the "bob" user certificate; thus even
if he (or an intruder) roots that workstation, he can only submit jobs
as the "bob" user. Of course your problem then is an increased
administrative overhead (certificate management) plus the apparently
much smaller number of people running SGE with CSP (we do, but I know of
very few other sites).
ben at salilab.org http://salilab.org/~ben/
"It is a capital mistake to theorize before one has data."
- Sir Arthur Conan Doyle
To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
More information about the gridengine-users