[torqueusers] How to rip out user validation?

matthew devney matthew at devney.net
Wed Jun 23 10:58:24 MDT 2010


Yes.  That would make my job as a cluster admin a lot easier and have
no security implications whatsoever.

Clusters are expensive and people who don't get to use one, usually
don't have access to one.  Only 5 people have access to my clusters,
and they all know what they're doing.  I feel sure my setup is not
uncommon.


Matthew Devney
Cluster Engineer
UCSC / USDA




On Wed, Jun 23, 2010 at 9:52 AM, Glen Beane <glen.beane at gmail.com> wrote:
> On Wed, Jun 23, 2010 at 12:47 PM, matthew devney <matthew at devney.net> wrote:
>> Thanks much Chris.  That's exactly what I needed.  I remain convinced
>> that most users probably want this functionality turned off.
>
> you think users and administrators want a huge security hole built in
> by default?
> TORQUE sends the remote user as a job attribute.  It defaults to the
> username that is running qsub, but it can be overridden.  Without this
> check your users could run job as any account on the compute node.
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers
>


More information about the torqueusers mailing list