[torqueusers] Prevent users to run commands directly

André Gemünd andre.gemuend at scai.fraunhofer.de
Thu Nov 8 23:56:47 MST 2012


We are using the pbs_simpleauth module from /etc/pam.d/ssh to restrict logins and run reaver from http://www.nics.tennessee.edu/~troy/pbstools/ in the epilogue to log out users after the job finishes. Works well for us.

Greetings
André

----- Original Message -----
> A cron job that repeatedly touches /etc/nologin seems to do it for
> us.
> 
> Jeff
> 
> On 11/7/2012 7:34 PM, Henryk Modzelewski wrote:
> > Mahmood,
> >
> > A clean solution is to use mom's prologue/epilogue to modify
> > /etc/security/access.conf to add/remove particular user access
> > privileges as controlled by pam access module. Users can still
> > cheat around this once they have jobs running, but it takes some
> > creativity to do so. I have been using this solution effectively
> > for many years, and only occasionally had to punish somebody by
> > deleting their non-torque processes.
> >
> > Henryk
> > _______________________________________________________
> > Henryk Modzelewski, UBC EOS, SLIM/WFRT
> > Contact info: http://www.eos.ubc.ca/~henryk/
> >
> > "If you get the results that you expected,
> > it does not always mean that you get the correct results."
> > _______________________________________________________
> >
> > On Nov 7, 2012, at 6:40 AM, Mahmood Naderan wrote:
> >
> >> I asked a similar question before
> >> http://www.supercluster.org/pipermail/torqueusers/2011-February/012283.html
> >>
> >> There were some good points but I didn't implement a script. In
> >> general, to find out if a running process has used qsub or not, you
> >> have to track the parents of the pid. At the end, if you reach
> >> pbs_mom, then the user has used qsub. Else he directly ran the
> >> application. Then you can write a cron job and check the parents of
> >> running processes every hour.
> >>
> >>
> >> Regards,
> >> Mahmood
> >>
> >>
> >>
> >> ________________________________
> >> From: Pablo Guaza Peces <pabloguaza at ugr.es>
> >> To: Torque Users Mailing List <torqueusers at supercluster.org>
> >> Sent: Wednesday, November 7, 2012 11:13 AM
> >> Subject: [torqueusers] Prevent users to run commands directly
> >>
> >> Hi Everybody!
> >> I just got my little cluster ready for execution and I was
> >> wondering if there's a way to prevent users to execute their
> >> programs directly, and only allow them to do that through Torque
> >> with qsub command.
> >>
> >> I guess that all the programs that are run directly from the
> >> terminal bypassing Torque, prevent it to be 'conscious' of the
> >> resources usage, is that right?
> >>
> >> Cheers
> >> _______________________________________________
> >> torqueusers mailing list
> >> torqueusers at supercluster.org
> >> http://www.supercluster.org/mailman/listinfo/torqueusers

-- 
André Gemünd
Fraunhofer-Institute for Algorithms and Scientific Computing
andre.gemuend at scai.fraunhofer.de
Tel: +49 2241 14-2193
/C=DE/O=Fraunhofer/OU=SCAI/OU=People/CN=Andre Gemuend
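
The parent-chain check described in the quoted thread (follow each process's parents and see whether the chain reaches pbs_mom), as an added example that is not part of the original messages. The function names, the `min_uid=1000` cutoff for ordinary users and the sample process table are assumptions made for illustration.

```python
import os

SCHEDULER_DAEMON = "pbs_mom"  # daemon name as given in the thread

def read_proc_table(proc="/proc"):
    """Return {pid: (ppid, comm, uid)} from a Linux /proc tree."""
    table = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{entry}/stat") as f:
                stat = f.read()
            uid = os.stat(f"{proc}/{entry}").st_uid
        except OSError:
            continue  # process exited during the scan
        # comm sits in parentheses and may itself contain ')': use the last one
        end = stat.rindex(")")
        comm = stat[stat.index("(") + 1:end]
        table[int(entry)] = (int(stat[end + 2:].split()[1]), comm, uid)
    return table

def under_scheduler(pid, table):
    """Walk the parent chain of pid; True if it reaches pbs_mom."""
    seen = set()
    while pid in table and pid not in seen:  # 'seen' guards against loops
        seen.add(pid)
        ppid, comm, _ = table[pid]
        if comm == SCHEDULER_DAEMON:
            return True
        pid = ppid
    return False

def stray_processes(table, min_uid=1000):
    """PIDs of ordinary users (uid >= min_uid, assumed) with no pbs_mom ancestor.
    A job process that daemonizes is reparented to PID 1 and is reported too,
    so treat the result as a list to review."""
    return sorted(pid for pid, (_, _, uid) in table.items()
                  if uid >= min_uid and not under_scheduler(pid, table))

# Constructed sample table: pid -> (ppid, comm, uid)
SAMPLE = {
    1: (0, "systemd", 0), 400: (1, "pbs_mom", 0), 500: (1, "sshd", 0),
    410: (400, "bash", 1001), 411: (410, "solver", 1001),  # started by qsub
    510: (500, "sshd", 1002), 511: (510, "bash", 1002),    # interactive login
    512: (511, "solver", 1002),                            # run from that login
    600: (1, "solver", 1001),                              # reparented to init
}

if __name__ == "__main__":
    print(stray_processes(read_proc_table() if os.path.isdir("/proc/1") else SAMPLE))
```

Run from cron on each compute node, this gives the hourly report the thread suggests; it complements the PAM-based login restrictions rather than replacing them.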

