[torqueusers] Why does torque require pbs_mom/pbs_server be run as root?

Nico Kadel-Garcia nkadel at gmail.com
Fri Jul 16 05:46:53 MDT 2010


On Fri, Jul 16, 2010 at 12:40 AM, Garrick Staples <garrick at usc.edu> wrote:
>
> On Jul 15, 2010, at 9:21 PM, Christopher Samuel wrote:
>
> The trick will be getting this working without breaking
> the current behaviour where it needs to be able to change
> user to the people it is forking jobs as.
>
> I think that's the easy part... just don't setuid() and setgid().
> The hard part is client authentication. We entirely depend on pbs_iff being
> setuid root.

There is also the hard part of keeping your job when your managers
find out that you forked off your little number crunching job to use
every computer in the department, without the permission of the people
logged in, and your little number crunching job has a memory leak or
makes other people's long number crunching jobs  take 3 times as long
due to hogging CPU's If I found out you were grabbing 2 CPU's on my
desktop or my build server while I'm building kernels, I'd be pretty
upset. And if I were the IT person who had people coming to them
whinging about it, and found that it was somebody running Torque
behind my back, they'd be looking at a suspension of their login and
possible disciplinary hearing.

I like Torque and approve of its use, but running it behind IT's back
is like setting up FTP servers without telling us: they're potential
resource pigs that shouldn't be sprung on us without warning.


More information about the torqueusers mailing list