[torquedev] 2.5 Release on Cygwin

Garrick Staples garrick at usc.edu
Thu Jul 15 09:35:07 MDT 2010


Committed. Thank you.

On Thu, Jul 15, 2010 at 04:11:25PM +0300, Igor Ilyenko alleged:
> David,
> 
> I send a significant Cygwin patch against the current trunk.
> 
> 
> It is necessary for 2.5 Release.
> 
> It should be committed.
> 
> 
> -- 
> 
> Igor  Ilyenko
> 
> Software Architect
> 
> United Institute of Information Problems NAS of Belarus
> http://uiip.bas-net.by
> 

> diff -Naur ./trunk-3839/contrib/AddPrivileges ./new/contrib/AddPrivileges
> --- ./trunk-3839/contrib/AddPrivileges	2010-06-07 21:57:04.000000000 +0300
> +++ ./new/contrib/AddPrivileges	2010-07-15 15:44:00.504158303 +0300
> @@ -1,6 +1,6 @@
>  #! /bin/sh
>  
> -###       AddPrivileges  ver 1.2     17 Mar 2010           ###
> +###       AddPrivileges  ver 1.4     12 Jul 2010           ###
>  ### ------------------------------------------------------ ###
>  ###  This script creates Passwd&Group files and sets       ###
>  ###   additional privileges only for Windows users         ###
> @@ -37,7 +37,7 @@
>  
>     --add           add privileges 
>  
> -               mom      for Torque pbs_mom
> +               mom      for Torque pbs_mom (set the SeCreateTokenPrivilege)
>                 SYSTEM   for native Windows user
>  
>  EOF
> @@ -46,7 +46,7 @@
>  
>    -v | --v*)
>      echo
> -    echo " AddPrivileges  ver 1.2    17 Mar 2010"
> +    echo " AddPrivileges  ver 1.4    12 Jul 2010"
>      exit $?
>      ;;
>  
> @@ -99,12 +99,13 @@
>  
>      editrights -a SeCreateTokenPrivilege -u "$CURRENTU"
>  
> -    echo "   Set mom's privileges"
> +    echo "   Reboot your computer that the SeCreateTokenPrivilege has taken effect"
>  
>  fi
>  
>  
>  editrights -a SeServiceLogonRight -u "$CURRENTU"
> +editrights -a SeAssignPrimaryTokenPrivilege -u "$CURRENTU"
>  
>  
>  if [[ $? -eq $SUCCESS ]]; then
> diff -Naur ./trunk-3839/README.cygwin ./new/README.cygwin
> --- ./trunk-3839/README.cygwin	2010-07-09 20:40:07.000000000 +0300
> +++ ./new/README.cygwin	2010-07-14 16:52:04.000000000 +0300
> @@ -1,7 +1,7 @@
>  
>  
>  Tested with the stable release Cygwin 1.5.25 on 
> -Windows XP Pro and on Windows Server 2003 SE (both 32-bit).
> +Windows XP Pro (32/64-bit) and on Windows Server 2003 SE (32-bit).
>  Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7 Ultimate.
>  Can be used on heterogeneous Torque clusters.
>  
> @@ -11,7 +11,7 @@
>  Mail and drmaa are untested.
>  In mom quota and setrlimit are not supported because Cygwin doesn't support ones.
>  
> -Torque needs two Windows users (local or domain) on each host:
> +Torque needs at least two Windows users (local or domain) on each host:
>  <UserAdmin> with Computer administrator privileges and 
>  <SimpleUser> with Limited account.
>  Both users must be password protected.
> @@ -24,6 +24,10 @@
>  ###   Install  Cygwin   ###
>  ###########################
>  
> +Following variants are recommended:
> +   Cygwin 1.5.25  on  Windows XP/Server 2003;
> +   Cygwin 1.7.5 (or later)  on  Windows 7/Server 2008.
> +
>  Enter into Windows as user <UserAdmin>.
>  To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.
>  Download and run setup-legacy.exe.
> @@ -45,10 +49,15 @@
>  
>  Download and install the default's and selected Cygwin packages.
>  
> +Start a work on Cygwin with the following commands:
> +
> +   #mkpasswd.exe -l -d > /etc/passwd
> +   #mkgroup.exe -l -d  > /etc/group
> +
>  
>  
>  Setup openssh for <UserAdmin> and <SimpleUser> using the
> -ssh-host-config and ssh-user-config comands.
> +ssh-host-config and ssh-user-config commands
>  
>  Adjust an access without password prompting on each host.
>  
> @@ -76,53 +85,64 @@
>  necessary for normal work Torque components.
>  As a rule pbs_mom is demanded more privileges than pbs_server.
>  
> -You may need to assign the user account of <UserAdmin> as well as <SimpleUser> to the correct 
> -groups by hand (by default they are often assigned to "none" as primary group which causes a failure of 
> -the admin check the Torque daemons perform at startup). The /etc/passwd should look similar to 
> -the following:
> -
> -SYSTEM:*:18:544:,S-1-5-18::
> -LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19::
> -NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20::
> -Administrators:*:544:544:,S-1-5-32-544::
> -<UserAdmin>:unused:500:544:<UserAdmin_FullName>,<some_id>:/home/<UserAdmin>:/bin/bash
> -<SimpleUser>:unused:17690:545:<SimpleUser>,<SimpleUser_FullName>,<some_id>:/home/<SimpleUser>:/bin/bash
> -
> -Important is the number "544" in the line of the <UserAdmin> account which tells cygwin that the <UserAdmin> 
> -belongs to the local Administrator group. The /etc/group file should contain something like
> -
> -SYSTEM:S-1-5-18:18:
> -Administrators:<some_id>:544:<UserAdmin>
> -Users:<some_id>:545:<SimpleUser>
> -
> -The AddPrivileges script adds the following permissions to the Torque daemons 
> -depending on the Windows version:
> - --------------------------------------------------------------------------------------------------
> -!                   !!                       !                          !                          !
> -!      Run as       !!  pbs_server + sched   !         pbs_mom          !    on Windows subkind    !
> -!                   !!                       !                          !                          !
> -!===================!!=======================!==========================!==========================!
> -!                   !!                       !                          !                          !
> -!  Cygwin daemon    !!          ---          !  SeCreateTokenPrivilege  !  Windows XP/Server 2003  !
> -!                   !!                       !                          !                          !
> -!-------------------!!-----------------------!--------------------------!--------------------------!
> -!                   !!                       !                          !                          !
> -!  Windows service  !!  SeServiceLogonRight  !  SeServiceLogonRight     !  Windows XP/Server 2003  !
> -!   by <UserAdmin>  !!                       !  SeCreateTokenPrivilege  !       Windows 7          !
> -!                   !!                       !                          !                          !
> -!-------------------!!-----------------------!--------------------------!--------------------------!
> -!                   !!                       !                          !                          !
> -!  Windows service  !!                       !                          !       Windows XP         !
> -!     by SYSTEM     !!          ---          !           ---            !          only            !
> -!                   !!                       !                          !                          !
> -!                   !!                       !                          !                          !
> - -------------------------------------------------------------------------------------------------- 
> +Usage of privileges for known starts of Torque components is resulted in the tables:
> +
> + -------------------------------------------------------------------------------------------------------
> +!                                                                                                       !
> +!                                        Cygwin 1.5.25                                                  !
> +!                                                                                                       !
> +!-------------------------------------------------------------------------------------------------------!
> +!                   !!                       !                               !                          !
> +!      Run as       !!  pbs_server + sched   !            pbs_mom            !    on Windows subkind    !
> +!                   !!                       !                               !                          !
> +!===================!!=======================!===============================!==========================!
> +!                   !!                       !                               !                          !
> +!  Cygwin daemon    !!          ---          !    SeCreateTokenPrivilege     !  Windows XP/Server 2003  !
> +!                   !!                       !                               !                          !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +!                   !!                       !                               !                          !
> +!  Windows service  !!  SeServiceLogonRight  !    SeServiceLogonRight        !  Windows XP/Server 2003  !
> +!   by <UserAdmin>  !!                       !    SeCreateTokenPrivilege     !       Windows 7          !
> +!                   !!                       !                               !                          !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +!                   !!                       !                               !                          !
> +!  Windows service  !!          ---          !              ---              !       Windows XP         !
> +!     by SYSTEM     !!                       !                               !                          !
> +!                   !!                       !                               !                          !
> + -------------------------------------------------------------------------------------------------------
> +
> +
> + -------------------------------------------------------------------------------------------------------
> +!                                                                                                       !
> +!                                        Cygwin 1.7.5 or later                                          !
> +!                                                                                                       !
> +!-------------------------------------------------------------------------------------------------------!
> +!                   !!                       !                               !                          !
> +!      Run as       !!  pbs_server + sched   !            pbs_mom            !    on Windows subkind    !
> +!                   !!                       !                               !                          !
> +!===================!!=======================!===============================!==========================!
> +!                   !!                       !                               !                          !
> +!  Cygwin daemon    !!          ---          !    SeCreateTokenPrivilege     !  Windows XP/Server 2003  !
> +!                   !!                       !                               !                          !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +!                   !!                       !                               !                          !
> +!  Windows service  !!  SeServiceLogonRight  !    SeServiceLogonRight        !       Windows 7          !
> +!   by <UserAdmin>  !!                       !    SeCreateTokenPrivilege     !                          !
> +!                   !!                       !                               !                          !
> +!-------------------!!-----------------------!-------------------------------!--------------------------!
> +!                   !!                       !                               !                          !
> +!  Windows service  !!  SeServiceLogonRight  ! SeServiceLogonRight           !       Windows 7          !
> +!   by <UserAdmin>  !!                       ! SeAssignPrimaryTokenPrivilege !                          !
> +!  via LSA registry !!                       !                               !                          !
> +!                   !!                       !                               !                          !
> + -------------------------------------------------------------------------------------------------------
> +
>  Warning!!! You have to understand that a installing of additional privileges
>  can decrease your OS security level.
>  
> -Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls.
> +Reboot your computers that the SeCreateTokenPrivilege has taken effect!
>  
> -Reboot your computers!!!
> +Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls.
>  
>  
>  
> @@ -163,9 +183,9 @@
>  
>  Set your server's hostsname in the .../torque/server_name file.
>  
> -Submit jobs as <SimpleUser> with limited account.
> +Submit jobs as <SimpleUser> with Limited account.
>  
> -For more details refer to the Torque documentation.
> +See more the Torque Documentations.
>  
>  
>  
> @@ -196,7 +216,7 @@
>     #make install
>  
>  Configure and initiate Torque components.
> -Install the additional privileges (see above).
> +Instal the additional privileges (see above).
>  
>  Use cygrunsrv.exe for install, start, stop and remove services.
>  See more cygrunsrv.exe --help.
> @@ -210,7 +230,9 @@
>     #./contrib/AddPrivileges --add mom
>     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u <UserAdmin> -w <password>
>  
> -On Windows XP <UserAdmin> also can start server-sched-mom as services by
> +
> +
> +Only on  Windows XP <UserAdmin> also can start server-sched-mom as services by
>  Windows native user SYSTEM (uid=18):
>  
>     #./contrib/AddPrivileges --add SYSTEM
> @@ -219,5 +241,24 @@
>     #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe
>     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe
>  
> +
> +
> +On Windows 7 with Cygwin 1.7.5 (or later) can use pbs_mom as services via the LSA private registry
> +area (http://cygwin.com/cygwin-ug-net/ntsec.html). Thus the very special and very dangerous
> +SeCreateTokenPrivilege is not required:
> +
> +   #cygserver-config
> +   #cygrunsrv.exe -S cygserver
> +
> +For each user:
> +   #passwd -R
> +
> +   #./contrib/AddPrivileges --add
> +   #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u <UserAdmin> -w <password>
> +
> +This variant of Torque start has been tested with MPICH2-1.2.1 on Windows 7 x86_64.
> +
> +
> +
>  Services and privileges are managed via the Windows Control Panel or command line.
>  

> _______________________________________________
> torquedev mailing list
> torquedev at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torquedev


-- 
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California

Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torquedev/attachments/20100715/6b0d7c5a/attachment.bin 


More information about the torquedev mailing list