[torquedev] 2.5 Release on Cygwin
Garrick Staples
garrick at usc.edu
Thu Jul 15 09:35:07 MDT 2010
Committed. Thank you.
On Thu, Jul 15, 2010 at 04:11:25PM +0300, Igor Ilyenko alleged:
> David,
>
> I send a significant Cygwin patch against the current trunk.
>
>
> It is necessary for 2.5 Release.
>
> It should be committed.
>
>
> --
>
> Igor Ilyenko
>
> Software Architect
>
> United Institute of Information Problems NAS of Belarus
> http://uiip.bas-net.by
>
> diff -Naur ./trunk-3839/contrib/AddPrivileges ./new/contrib/AddPrivileges
> --- ./trunk-3839/contrib/AddPrivileges 2010-06-07 21:57:04.000000000 +0300
> +++ ./new/contrib/AddPrivileges 2010-07-15 15:44:00.504158303 +0300
> @@ -1,6 +1,6 @@
> #! /bin/sh
>
> -### AddPrivileges ver 1.2 17 Mar 2010 ###
> +### AddPrivileges ver 1.4 12 Jul 2010 ###
> ### ------------------------------------------------------ ###
> ### This script creates Passwd&Group files and sets ###
> ### additional privileges only for Windows users ###
> @@ -37,7 +37,7 @@
>
> --add add privileges
>
> - mom for Torque pbs_mom
> + mom for Torque pbs_mom (set the SeCreateTokenPrivilege)
> SYSTEM for native Windows user
>
> EOF
> @@ -46,7 +46,7 @@
>
> -v | --v*)
> echo
> - echo " AddPrivileges ver 1.2 17 Mar 2010"
> + echo " AddPrivileges ver 1.4 12 Jul 2010"
> exit $?
> ;;
>
> @@ -99,12 +99,13 @@
>
> editrights -a SeCreateTokenPrivilege -u "$CURRENTU"
>
> - echo " Set mom's privileges"
> + echo " Reboot your computer that the SeCreateTokenPrivilege has taken effect"
>
> fi
>
>
> editrights -a SeServiceLogonRight -u "$CURRENTU"
> +editrights -a SeAssignPrimaryTokenPrivilege -u "$CURRENTU"
>
>
> if [[ $? -eq $SUCCESS ]]; then
> diff -Naur ./trunk-3839/README.cygwin ./new/README.cygwin
> --- ./trunk-3839/README.cygwin 2010-07-09 20:40:07.000000000 +0300
> +++ ./new/README.cygwin 2010-07-14 16:52:04.000000000 +0300
> @@ -1,7 +1,7 @@
>
>
> Tested with the stable release Cygwin 1.5.25 on
> -Windows XP Pro and on Windows Server 2003 SE (both 32-bit).
> +Windows XP Pro (32/64-bit) and on Windows Server 2003 SE (32-bit).
> Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7 Ultimate.
> Can be used on heterogeneous Torque clusters.
>
> @@ -11,7 +11,7 @@
> Mail and drmaa are untested.
> In mom quota and setrlimit are not supported because Cygwin doesn't support ones.
>
> -Torque needs two Windows users (local or domain) on each host:
> +Torque needs at least two Windows users (local or domain) on each host:
> <UserAdmin> with Computer administrator privileges and
> <SimpleUser> with Limited account.
> Both users must be password protected.
> @@ -24,6 +24,10 @@
> ### Install Cygwin ###
> ###########################
>
> +Following variants are recommended:
> + Cygwin 1.5.25 on Windows XP/Server 2003;
> + Cygwin 1.7.5 (or later) on Windows 7/Server 2008.
> +
> Enter into Windows as user <UserAdmin>.
> To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.
> Download and run setup-legacy.exe.
> @@ -45,10 +49,15 @@
>
> Download and install the default's and selected Cygwin packages.
>
> +Start a work on Cygwin with the following commands:
> +
> + #mkpasswd.exe -l -d > /etc/passwd
> + #mkgroup.exe -l -d > /etc/group
> +
>
>
> Setup openssh for <UserAdmin> and <SimpleUser> using the
> -ssh-host-config and ssh-user-config comands.
> +ssh-host-config and ssh-user-config commands
>
> Adjust an access without password prompting on each host.
>
> @@ -76,53 +85,64 @@
> necessary for normal work Torque components.
> As a rule pbs_mom is demanded more privileges than pbs_server.
>
> -You may need to assign the user account of <UserAdmin> as well as <SimpleUser> to the correct
> -groups by hand (by default they are often assigned to "none" as primary group which causes a failure of
> -the admin check the Torque daemons perform at startup). The /etc/passwd should look similar to
> -the following:
> -
> -SYSTEM:*:18:544:,S-1-5-18::
> -LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19::
> -NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20::
> -Administrators:*:544:544:,S-1-5-32-544::
> -<UserAdmin>:unused:500:544:<UserAdmin_FullName>,<some_id>:/home/<UserAdmin>:/bin/bash
> -<SimpleUser>:unused:17690:545:<SimpleUser>,<SimpleUser_FullName>,<some_id>:/home/<SimpleUser>:/bin/bash
> -
> -Important is the number "544" in the line of the <UserAdmin> account which tells cygwin that the <UserAdmin>
> -belongs to the local Administrator group. The /etc/group file should contain something like
> -
> -SYSTEM:S-1-5-18:18:
> -Administrators:<some_id>:544:<UserAdmin>
> -Users:<some_id>:545:<SimpleUser>
> -
> -The AddPrivileges script adds the following permissions to the Torque daemons
> -depending on the Windows version:
> - --------------------------------------------------------------------------------------------------
> -! !! ! ! !
> -! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> -! !! ! ! !
> -!===================!!=======================!==========================!==========================!
> -! !! ! ! !
> -! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 !
> -! !! ! ! !
> -!-------------------!!-----------------------!--------------------------!--------------------------!
> -! !! ! ! !
> -! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows XP/Server 2003 !
> -! by <UserAdmin> !! ! SeCreateTokenPrivilege ! Windows 7 !
> -! !! ! ! !
> -!-------------------!!-----------------------!--------------------------!--------------------------!
> -! !! ! ! !
> -! Windows service !! ! ! Windows XP !
> -! by SYSTEM !! --- ! --- ! only !
> -! !! ! ! !
> -! !! ! ! !
> - --------------------------------------------------------------------------------------------------
> +Usage of privileges for known starts of Torque components is resulted in the tables:
> +
> + -------------------------------------------------------------------------------------------------------
> +! !
> +! Cygwin 1.5.25 !
> +! !
> +!-------------------------------------------------------------------------------------------------------!
> +! !! ! ! !
> +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> +! !! ! ! !
> +!===================!!=======================!===============================!==========================!
> +! !! ! ! !
> +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 !
> +! !! ! ! !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +! !! ! ! !
> +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows XP/Server 2003 !
> +! by <UserAdmin> !! ! SeCreateTokenPrivilege ! Windows 7 !
> +! !! ! ! !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +! !! ! ! !
> +! Windows service !! --- ! --- ! Windows XP !
> +! by SYSTEM !! ! ! !
> +! !! ! ! !
> + -------------------------------------------------------------------------------------------------------
> +
> +
> + -------------------------------------------------------------------------------------------------------
> +! !
> +! Cygwin 1.7.5 or later !
> +! !
> +!-------------------------------------------------------------------------------------------------------!
> +! !! ! ! !
> +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> +! !! ! ! !
> +!===================!!=======================!===============================!==========================!
> +! !! ! ! !
> +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 !
> +! !! ! ! !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +! !! ! ! !
> +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows 7 !
> +! by <UserAdmin> !! ! SeCreateTokenPrivilege ! !
> +! !! ! ! !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +! !! ! ! !
> +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows 7 !
> +! by <UserAdmin> !! ! SeAssignPrimaryTokenPrivilege ! !
> +! via LSA registry !! ! ! !
> +! !! ! ! !
> + -------------------------------------------------------------------------------------------------------
> +
> Warning!!! You have to understand that a installing of additional privileges
> can decrease your OS security level.
>
> -Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls.
> +Reboot your computers that the SeCreateTokenPrivilege has taken effect!
>
> -Reboot your computers!!!
> +Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls.
>
>
>
> @@ -163,9 +183,9 @@
>
> Set your server's hostsname in the .../torque/server_name file.
>
> -Submit jobs as <SimpleUser> with limited account.
> +Submit jobs as <SimpleUser> with Limited account.
>
> -For more details refer to the Torque documentation.
> +See more the Torque Documentations.
>
>
>
> @@ -196,7 +216,7 @@
> #make install
>
> Configure and initiate Torque components.
> -Install the additional privileges (see above).
> +Instal the additional privileges (see above).
>
> Use cygrunsrv.exe for install, start, stop and remove services.
> See more cygrunsrv.exe --help.
> @@ -210,7 +230,9 @@
> #./contrib/AddPrivileges --add mom
> #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u <UserAdmin> -w <password>
>
> -On Windows XP <UserAdmin> also can start server-sched-mom as services by
> +
> +
> +Only on Windows XP <UserAdmin> also can start server-sched-mom as services by
> Windows native user SYSTEM (uid=18):
>
> #./contrib/AddPrivileges --add SYSTEM
> @@ -219,5 +241,24 @@
> #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe
> #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe
>
> +
> +
> +On Windows 7 with Cygwin 1.7.5 (or later) can use pbs_mom as services via the LSA private registry
> +area (http://cygwin.com/cygwin-ug-net/ntsec.html). Thus the very special and very dangerous
> +SeCreateTokenPrivilege is not required:
> +
> + #cygserver-config
> + #cygrunsrv.exe -S cygserver
> +
> +For each user:
> + #passwd -R
> +
> + #./contrib/AddPrivileges --add
> + #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u <UserAdmin> -w <password>
> +
> +This variant of Torque start has been tested with MPICH2-1.2.1 on Windows 7 x86_64.
> +
> +
> +
> Services and privileges are managed via the Windows Control Panel or command line.
>
> _______________________________________________
> torquedev mailing list
> torquedev at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torquedev
--
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California
Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torquedev/attachments/20100715/6b0d7c5a/attachment.bin
More information about the torquedev
mailing list