[Beowulf] block runing jobs individually on each node
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Josip Loncaric josip at lanl.govThu Apr 7 13:26:16 PDT 2005
- Previous message: [Beowulf] block runing jobs individually on each node
- Next message: [Beowulf] /. Cooler room or cooler servers?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
jerry xu wrote: > > I just want to forbid people running any of their own program at each > node. They are only allowed to submit job through the batch system > (OpenPBS). You can use PAM to prevent logins into your nodes for most users. Just modify /etc/pam.d/rlogin to include the line auth requisite /lib/security/pam_localuser.so file=/etc/loginusers immediately after the pam_nologin.so entry, and copy the /etc/passwd entries for authorized rlogin users (usually only root) to /etc/loginusers on your nodes. Any user not in /etc/loginusers will be denied rlogin, although they will still be able to rexec. This won't work for /etc/pam.d/rexec because PBS normally needs rexec to start permissible jobs. A crude tool to at least encourage PBS use is a cron job to kill regular users' non-PBS jobs, e.g. hourly or even more often. A PBS job will have PBS environment variables defined. On my old cluster, we were satisfied with the above two measures, since inadvertent rlogin was our only real problem. Finally, perhaps someone has written a PAM module that restricts normal users' node access to PBS jobs only. Sincerely, Josip
- Previous message: [Beowulf] block runing jobs individually on each node
- Next message: [Beowulf] /. Cooler room or cooler servers?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list