disadvantages of linux cluster - admin

Bogdan Costescu bogdan.costescu at iwr.uni-heidelberg.de
Thu Nov 7 05:01:06 PST 2002

On Wed, 6 Nov 2002 alvin at Maggie.Linux-Consulting.com wrote:

> 	- harden the server from the user standpoint
> 		- remove passwd command, remove tar, remove make/gcc...

I don't think that you are too serious here. I remember several years ago 
when the Ping-Of-Death was discussed on Bugtraq, somebody said that admins 
should remove (or remove access for users to) the "ping" program - yeah, 
sure, like nobody would be able to copy another ping binary or even 
compile its own.
As you have to let users:
 - log on to the cluster to launch jobs
 - be able to copy files to/from cluster (otherwise you do need _infinite_ 
storage space attached to the cluster),
you can't forbid installing their own versions of the same programs in 
their own home dir. It's usually as simple as:

./configure --prefix=/home/bogdan

Having make/gcc/... unavailable is sometimes impossible - when development 
is one of the purposes of the cluster. But even if they are unavailable, 
it only takes another similarly configured system (and with Linux/*BSD
it's trivial to do it these days) where the compilation takes place. Even 
when the architecture/OS is not readily available, cross-compiling can 
still be used to achieve the same goal.

> changes...  ( most expensive if it breaks - depending on 3rd party sw )
> 		- you dont need to apply any new changes unless it
> 		prevents some kind of functionality that is needed 
> 		and or a security vulnerability/exploitability

He-he, I've found that most of the things that I want to do _do_ fall into 
these categories :-)

> if one human needs help... its likely others will need the same help...
> 	- send um to the internal "help docs"

You probably missed the whole paragraph in RGB's message that was talking 
about users - I can only say that my experience here is perfectly 
described by this paragraph. Yeah, shoot them :-)

> cheaper to buy 2 systems.... than it is to buy support contracts..
> 	( keep lots of "spare parts" floating around 

I'm constantly amazed at the prolonged support contracts (like 2-3 years) 
when, as you stated earlier, HW is out-of-stock or discontinued so fast. 
Do these people keep huge stocks of whatever parts they put in your 
system ? Even DIY approach of keeping spare (OK, let's say more than 1) 
parts seems a bit too much to me, unless the cluster _must_ be homogenous.

> >   * Shoot your users.  G'wan, admit it, you've thought about it. 
> give um GUIs to use .. :-)

Noooo, I think some need direct brain UIs to be able to do something !
Even so, I have doubts :-)

Bogdan Costescu

IWR - Interdisziplinaeres Zentrum fuer Wissenschaftliches Rechnen
Universitaet Heidelberg, INF 368, D-69120 Heidelberg, GERMANY
Telephone: +49 6221 54 8869, Telefax: +49 6221 54 8868
E-mail: Bogdan.Costescu at IWR.Uni-Heidelberg.De

