On Mon, 30 Jun 2003, Jeremy Enos wrote:
> Actually, there's a fairly simple way of accomplishing this that I plan to
> implement as an option in the PBS OSCAR package soon.
>
> Situation desired:
> user ssh not allowed to nodes unless user has PBS job running on them.
>
> Solution:
> Prohibit any user login in /etc/security/access.conf except root by default.
> Use PBS prologue script (runs as root) to substitute "root" for "root:USER"
> in the login exceptions list.
> User can ssh to nodes and between nodes involved in PBS job.
> Job ends.
> Use PBS epilogue script (runs as root) to revert changes to
> access.conf. System locked down again.
>
> I plan to have a configurator option in the wizard to enable/disable this
> behavior very soon now.
>
> Jeremy

On Mon, 30 Jun 2003, Brian W. Barrett wrote:
> Please forgive some of the details missing - I'm on a borrowed machine, so
> can't check everything. Doing what you are asking is possible, but can be
> kind of tricky. The possible solutions include modifying /etc/passwd,
> using PAM, or using some other similar trickery. I tried once to use PAM,
> but my cluster only has 4-6 users, so it wasn't worth the hassle. When
> you can fire nerf balls at the offender without getting up from your seat,
> policy seems to work ok :).
>
> Anyway, I might recommend looking at the PAM solutions out there. Google
> turned up a few, or Argonne has a list of utilities for PBS:
> http://www-unix.mcs.anl.gov/openpbs/
>
> Hope this helps somewhat...
>
> Brian

Thanks for both of the replies. I was able to put something together using PAM and the PBS epilogue/prologue scripts. I didn't have to involve /etc/passwd at all.

Jay

Oscar-users mailing list
https://lists.sourceforge.net/lists/listinfo/oscar-users
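
An added example, not code from this thread or from the PBS OSCAR package: one way the prologue/epilogue edit of access.conf described above could be written, including the case where a user has two jobs on the same node. It assumes the deny rule is `-:ALL EXCEPT root:ALL` with pam_access's space-separated user list, that PBS passes the job id and user name as `$1` and `$2`, that the scripts do not run concurrently on a node, and a hypothetical `STATE_DIR` holding one marker file per job.

```shell
#!/bin/sh
# Added example: open and close node login for a PBS job owner via pam_access.
# Assumed rule line in the access file:  -:ALL EXCEPT root:ALL
# Both paths can be overridden so the functions can be tried on a copy.
ACCESS_CONF="${ACCESS_CONF:-/etc/security/access.conf}"
STATE_DIR="${STATE_DIR:-/var/run/pbs-access}"   # hypothetical location

# Reject names that could alter the rule or the sed expression; never touch root.
safe_user() { case "$1" in ''|root|*[!A-Za-z0-9_-]*) return 1 ;; esac; }
# The job id is only used as a file name: no empty value, leading dot or slash.
safe_job()  { case "$1" in ''|.*|*/*) return 1 ;; esac; }

rewrite_rule() {   # $1 = sed expression; rename so sshd never reads a half-written file
    tmp="$ACCESS_CONF.new.$$"
    sed "$1" "$ACCESS_CONF" > "$tmp" && chmod 644 "$tmp" &&
        mv -f "$tmp" "$ACCESS_CONF" || { rm -f "$tmp"; return 1; }
}

grant_login() {    # prologue side: $1 = job id, $2 = user
    safe_job "$1" && safe_user "$2" || return 1
    mkdir -p "$STATE_DIR/$2" && : > "$STATE_DIR/$2/$1" || return 1
    # Add the user once, however many of their jobs land on this node.
    grep -q "^-:ALL EXCEPT[^:]* $2[ :]" "$ACCESS_CONF" ||
        rewrite_rule "s/^\(-:ALL EXCEPT[^:]*\):/\1 $2:/"
}

revoke_login() {   # epilogue side: $1 = job id, $2 = user
    safe_job "$1" && safe_user "$2" || return 1
    rm -f "$STATE_DIR/$2/$1"
    # rmdir fails while another job of this user still has a marker: keep access.
    rmdir "$STATE_DIR/$2" 2>/dev/null || return 0
    rewrite_rule "s/^\(-:ALL EXCEPT[^:]*\) $2\([ :]\)/\1\2/"
}

# Installed under the names pbs_mom runs, the same file serves both roles.
case "${0##*/}" in
    prologue) grant_login "$1" "$2" ;;
    epilogue) revoke_login "$1" "$2" ;;
esac
```
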
