[torqueusers] How to rip out user validation?

Christopher Samuel samuel at unimelb.edu.au
Tue Jun 22 19:05:10 MDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23/06/10 10:03, matthew devney wrote:

> The ideal solution is a compile-time option: --disable-validation
> after which anyone who can run qsub can run any jobs they like.

I would suggest this isn't a good idea as Garrick has
pointed out.

The code that does the validation is intended as an example
implementation and could be tuned to your needs - it lives
here:

 src/lib/Libsite/site_check_u.c

and is called site_check_user_map(), the comments say:

/*
 * site_check_u - site_check_user_map()
 *
 * This routine determines if a user is privileged to execute a job
 * on this host under the login name specified (in user-list attribute)
 *
 * As provided, this routine uses ruserok(3N).  If this is a problem,
 * It's replacement is "left as an exercise for the reader."
 *
 *      Return -1 for access denied, otherwise 0 for ok.
 */

So it's trivial to patch to get the (lack of) functionality
you see to want, but I'd suggest it's a very bad idea and
could have a lot of unintended consequences.

Much better to just set up your /etc/hosts.equiv file
correctly on system running the pbs_server.

cheers,
Chris
- -- 
 Christopher Samuel - Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computational Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
         http://www.vlsci.unimelb.edu.au/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwhXcUACgkQO2KABBYQAh/arwCbBpNyulovPD8Irfi2Ttj/Iv5Z
Oc0An1iB8GxIsxeyoB7RV80TjaPRI9qR
=NSn+
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/torqueusers/attachments/20100623/b9b4e611/attachment.html 


More information about the torqueusers mailing list