[Beowulf] What services do you run on your cluster nodes?
Perry E. Metzger
perry at piermont.com
Tue Sep 23 06:42:18 PDT 2008
"Robert G. Brown" <rgb at phy.duke.edu> writes:
> You can run xmlsysd as either an xinetd process or forking daemon
> (the former is more secure, perhaps, the latter makes it stand alone
> and keeps one from having to run xinetd:-).
Arguably, running processes under inetd can make them more secure, not
less, in so far as they do not need their own network listening and
daemon management code (reducing code size means less code to audit),
and the processes can be run as non-root even if they need to listen
on so-called "privileged" ports (a vile invention, but never mind, one
has to live with its existence.) All this presumes inetd runs
correctly, of course, which clearly is an assumption that may or may
not be warranted.
> It costs you one fork to run the initial daemon in the latter case, and
> a fork per connection BUT the connections are persistent TCP connections
> and hang out indefinitely.
Actually, it need not cost a fork per connection to run a daemon under
inetd. One can run a TCP wait service instead of the usual TCP nowait
service. That means that the daemon still needs to know how to do
accept, of course.
--
Perry E. Metzger perry at piermont.com
More information about the Beowulf
mailing list