3.4 Host Security
For systems requiring dedicated access to compute nodes (for example, users with sensitive data), TORQUE prologue and epilogue scripts provide a vehicle to leverage the authentication provided by Linux-PAM modules. (See Appendix G Prologue and Epilogue Scripts for more information.)
To allow only users with running jobs (and root) to access compute nodes, do the following:
The prologue* scripts are Perl scripts that add the user of the job to /etc/authuser. The epilogue* scripts then remove the first occurrence of the user from /etc/authuser. File locking is employed in all scripts to eliminate the chance of race conditions. There is also some commented code in the epilogue* scripts, which, if uncommented, kills all processes owned by the user (using pkill), provided that the user doesn't have another valid job on the same node.
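The add and remove-first-occurrence logic described above, as an added Python sketch (it is not the Perl code shipped with TORQUE). The function names, the `path` parameter and the user-name check are assumptions made for illustration; only /etc/authuser comes from the page.

```python
import fcntl
from contextlib import contextmanager

AUTHUSER = "/etc/authuser"  # file named on the page


@contextmanager
def locked(path, mode):
    """Open path and hold an exclusive advisory lock while it is in use."""
    with open(path, mode) as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)  # blocks while another script holds it
        try:
            yield fh
        finally:
            fh.flush()
            fcntl.flock(fh, fcntl.LOCK_UN)


def check_user(user):
    """Assumed hardening: refuse names that could inject extra entries."""
    if not user or any(c.isspace() for c in user):
        raise ValueError("invalid user name: %r" % user)


def add_user(user, path=AUTHUSER):
    """Prologue step: append one entry per job, so entries act as a count."""
    check_user(user)
    with locked(path, "a") as fh:
        fh.write(user + "\n")


def remove_user(user, path=AUTHUSER):
    """Epilogue step: drop only the first entry for this user.

    Returns True if the user still has an entry (another job on the node),
    the case in which the user's processes must not be killed.
    """
    check_user(user)
    try:
        with locked(path, "r+") as fh:
            users = fh.read().splitlines()
            if user in users:
                users.remove(user)  # list.remove drops the first match only
            fh.seek(0)
            fh.write("".join(u + "\n" for u in users))
            fh.truncate()
            return user in users
    except FileNotFoundError:
        return False
```

Because each job adds its own line, a user with two jobs on a node stays listed until the second epilogue runs, and the return value of `remove_user` is the check to make before any pkill step.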
© 2001-2010 Adaptive Computing Enterprises, Inc.