[torqueusers] How to rip out user validation?

Joshua Bernstein jbernstein at penguincomputing.com
Wed Jun 23 11:44:41 MDT 2010


Hey Matthew,

I had submitted a patch to TORQUE several times ago that current ships 
with the version of TORQUE we provide with Scyld ClusterWare that 
estentially rips out the ruserok() code and instead replaces it with a 
more robust getent() option.

I don't think it every made it into the top of tree for Torque, and I 
haven't forward ported it yet beyond TORQUE 2.3.

-Josh

matthew devney wrote:
> Hi Guys,
> 
> Over the past year I guesstimate that I have wasted over 90 hours
> trying to get around this error:
> 
> qsub: Bad UID for job execution MSG=ruserok failed validating
> opsu/opsu from bw03.local:15001
>     while executing
> 
> Now, I can solve that problem yet again, with enough wrestling.
> But, I can't think of even a hypothetical use case where someone might
> have a shell on the cluster yet not be allowed to submit jobs.
> 
> The ideal solution is a compile-time option: --disable-validation
> after which anyone who can run qsub can run any jobs they like.
> 
> Is this possible?  Can it be a feature added to the next version?
> 
> Honestly, user authentication and validation is handled so many other
> places in the system ... firewall, login process, filesystem
> permissions, another pass through firewall as qsub connects to the mom
> ... This whole validation problem is way solved by the time we get
> into torque code, and inside torque is (I believe) a fundamentally bad
> place to put user validation logic ... I think torque would be a
> better product by removing this entirely.  Can we at least turn it
> off?
> 
> Matthew Devney
> matthew at devney.net
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers


More information about the torqueusers mailing list