Situation desired:
user ssh not allowed to nodes unless user has PBS job running on them.
Solution:
Prohibit any user login in /etc/security/access.conf except root by default.
Use PBS prologue script (runs as root) to substitute "root" for "root:USER" in the login exceptions list.
User can ssh to nodes and between nodes involved in PBS job.
Job ends.
Use PBS epilogue script (runs as root) to revert changes to access.conf. System locked down again.
I plan to have a configurator option in the wizard to enable/disable this behavior very soon now.
Jeremy
At 01:13 PM 6/30/2003 -0500, Jay Mashl wrote:
On Fri, 20 Jun 2003, Jeff Squyres wrote: > On Thu, 19 Jun 2003 [EMAIL PROTECTED] wrote: > > approach. Instead, just use ssh directly -- OSCAR should have setup ssh > properly such that you don't need passwords to login between nodes and > it should function "close enough" to what rsh/rlogin do that your users > won't care.
There is the opposite side to this issue as well. Users running programs independent of the queue tends to defeat the "fair use" principles behind the queueing system. And it make node loads too high for users using PBS to get any substantial compute time.
That said, given that OSCAR uses ssh for communication, how does one configure
the compute nodes to block direct ssh access but allow PBS to operate normally?
That is, how should ssh be configured (I assume sshd_config) to force users to
run jobs through the queueing system? I have tried to do this once, but ended
up blocking all users and root from remote access to the nodes.
Thanks, Jay
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Oscar-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/oscar-users
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Oscar-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/oscar-users
