[torqueusers] Why does torque require pbs_mom/pbs_server be run as root?
Craig.Tierney at noaa.gov
Fri Jul 16 08:16:49 MDT 2010
On Jul 16, 2010, at 5:46 AM, Nico Kadel-Garcia wrote:
> On Fri, Jul 16, 2010 at 12:40 AM, Garrick Staples <garrick at usc.edu> wrote:
>> On Jul 15, 2010, at 9:21 PM, Christopher Samuel wrote:
>> The trick will be getting this working without breaking
>> the current behaviour where it needs to be able to change
>> user to the people it is forking jobs as.
>> I think that's the easy part... just don't setuid() and setgid().
>> The hard part is client authentication. We entirely depend on pbs_iff being
>> setuid root.
> There is also the hard part of keeping your job when your managers
> find out that you forked off your little number crunching job to use
> every computer in the department, without the permission of the people
> logged in, and your little number crunching job has a memory leak or
> makes other people's long number crunching jobs take 3 times as long
> due to hogging CPU's If I found out you were grabbing 2 CPU's on my
> desktop or my build server while I'm building kernels, I'd be pretty
> upset. And if I were the IT person who had people coming to them
> whinging about it, and found that it was somebody running Torque
> behind my back, they'd be looking at a suspension of their login and
> possible disciplinary hearing.
> I like Torque and approve of its use, but running it behind IT's back
> is like setting up FTP servers without telling us: they're potential
> resource pigs that shouldn't be sprung on us without warning.
I agree with you on this one. My goal is to not let users setup Torque
clusters, just provide the functionality of Torque on a single system.
Certainly firewall rules should (can) be put in place to block the traffic
between nodes. Our policy is deny all, then open up what you need
(like ssh). But that doesn't mean it is everywhere.
> torqueusers mailing list
> torqueusers at supercluster.org
More information about the torqueusers