[GE users] Any reason not to have all user's workstations as submit hosts?

benmwebb ben at salilab.org
Mon Apr 12 21:12:40 BST 2010

On 04/08/2010 04:00 PM, rayson wrote:
> Mainly related to security.
> On 4/8/10, bdbaddog<bill at baddogconsulting.com>  wrote:
>> Greetings,
>> Is there any technical/performance reason to not have every user's
>> desktop as a submit host?

As Reuti points out, this basically equates to giving the owners of 
these workstations privileged access to your cluster; an SGE submit host 
can run arbitrary code (SGE jobs) on any machine in your cluster as 
*any* valid SGE user, not just the owner of the workstation. Even if you 
could prevent your users from rooting the workstation and thus 
impersonating any user, the network protocol between submit host and SGE 
master trusts the submit host and does not require an originating port < 
1024, so a cunning user can simply hack up their own SGE client and 
submit jobs as any user even without rooting the box.

To at least partially solve this problem, you could deploy CSP:

Each SGE user gets their own certificate (and those don't live under 
$SGE_ROOT) so you can then simply give our certificates only to the 
submit hosts that need them. Thus Bob can have a submit host on his 
workstation and he receives only the "bob" user certificate; thus even 
if he (or an intruder) roots that workstation, he can only submit jobs 
as the "bob" user. Of course your problem then is an increased 
administrative overhead (certificate management) plus the apparently 
much smaller number of people running SGE with CSP (we do, but I know of 
very few other sites).

ben at salilab.org                      http://salilab.org/~ben/
"It is a capital mistake to theorize before one has data."
	- Sir Arthur Conan Doyle


To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list