[torqueusers] Prevent users to run commands directly

Axel Kohlmeyer akohlmey at cmm.chem.upenn.edu
Fri Nov 9 01:37:31 MST 2012


On Fri, Nov 9, 2012 at 9:05 AM, Mahmood Naderan <nt_mahmood at yahoo.com>wrote:

> >A cron job that repeatedly touches /etc/nologin seems to do it for us
> What is that file? I don't have that.
>

you don't want it, unless you don't want
anybody to log in but the superuser.

if you have a file /etc/nologin on a machine,
any login (except for root) will fail and the
contents of this file will be displayed.

it is a bit like /etc/motd, but for when you
close a machine for maintenance.

oh, and particularly useful when doing
kernel updates, since it will be automatically
deleted upon reboot.

cheers,
    axel.



>
>
> Regards,
> Mahmood
>
>
>
> ----- Original Message -----
> From: Jeff Anderson-Lee <jonah at eecs.berkeley.edu>
> To: Torque Users Mailing List <torqueusers at supercluster.org>
> Cc:
> Sent: Thursday, November 8, 2012 6:20 PM
> Subject: Re: [torqueusers] Prevent users to run commands directly
>
> A cron job that repeatedly touches /etc/nologin seems to do it for us.
>
> Jeff
>
> On 11/7/2012 7:34 PM, Henryk Modzelewski wrote:
> > Mahmood,
> >
> > A clean solution is to use mom's prologue/epilogue to modify
> /etc/security/access.conf to add/remove particular user access privileges
> as controlled by pam access module. Users can still cheat around this once
> they have jobs running, but it takes some creativity to do so. I have been
> using this solution effectively for many years, and only occasionally had
> to punish somebody by deleting their non-torque processes.
> >
> > Henryk
> > _______________________________________________________
> > Henryk Modzelewski, UBC EOS, SLIM/WFRT
> > Contact info: http://www.eos.ubc.ca/~henryk/
> >
> > "If you get the results that you expected,
> > it does not always mean that you get the correct results."
> > _______________________________________________________
> >
> > On Nov 7, 2012, at 6:40 AM, Mahmood Naderan wrote:
> >
> >> I asked a similar question before
> >>
> http://www.supercluster.org/pipermail/torqueusers/2011-February/012283.html
> >>
> >> There were some good points but I didn't implement a script. In
> general, to find out
> >>
> >> if a running process has used qsub or not, you have to track the
> parents of the pid.
> >>
> >> At the end, if you reach pbs_mom, then user has used qsub. Else he
> directly ran the
> >>
> >> application. Then you can write a cron job and check the parents
> running processes
> >>
> >> every hour.
> >>
> >>
> >> Regards,
> >> Mahmood
> >>
> >>
> >>
> >> ________________________________
> >> From: Pablo Guaza Peces <pabloguaza at ugr.es>
> >> To: Torque Users Mailing List <torqueusers at supercluster.org>
> >> Sent: Wednesday, November 7, 2012 11:13 AM
> >> Subject: [torqueusers] Prevent users to run commands directly
> >>
> >> Hi Everybody!
> >> I just got my little cluster ready for execution and I was wondering if
> there's a way to prevent users to execute their programs directly, and only
> allow them to do that through Torque with qsub command.
> >>
> >> I guess that all the programs that are run directly form the terminal
> bypassing Torque, prevent it to be 'conscious' of the resources usage, is
> that right?
> >>
> >> Cheers
> >> _______________________________________________
> >> torqueusers mailing list
> >> torqueusers at supercluster.org
> >> http://www.supercluster.org/mailman/listinfo/torqueusers
> >> _______________________________________________
> >> torqueusers mailing list
> >> torqueusers at supercluster.org
> >> http://www.supercluster.org/mailman/listinfo/torqueusers
> > _______________________________________________
> > torqueusers mailing list
> > torqueusers at supercluster.org
> > http://www.supercluster.org/mailman/listinfo/torqueusers
>
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers
>
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers
>



-- 
Dr. Axel Kohlmeyer    akohlmey at gmail.com
http://sites.google.com/site/akohlmey/

Institute for Computational Molecular Science
Temple University, Philadelphia PA, USA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/torqueusers/attachments/20121109/57ddf253/attachment-0001.html 


More information about the torqueusers mailing list