Thanks Lech, That is something to start with. The problem is that I plan to add submission in the future and don't want to start something that will have to be changed too much with time. So I would prefer to be able to firstly execute any slurm command from my webserver and for any user...
Regards, Jose 2014-10-02 15:28 GMT+02:00 Lech Nieroda <[email protected]>: > Hello José, > > you might be interested in ubmod or its successor open xdmod. It's a > system that queries SLURM regularly, writes the data into its own database > and makes it available via webserver. You'd probably have to implement > proper security measures for user management. > > Regards, > Lech > > (sent from mobile) > Am 02.10.2014 14:38 schrieb =?ISO-8859-1?Q?Jos=E9_Rom=E1n_Bilbao_Castro?= < > [email protected]>: > > Thanks Brian, > > So you propose to have something like an intermediate database that maps > web portal users to system users and make all calls internally from the > webserver, right?. I just wanted to avoid the intermediate step for > simplicity, but it seems to be a bad practice. > > So, regarding the second step... what is the safest and more logical > manner of invoking slurm commands from the webserver?. I mean, at the end I > must pass some credentials for the right user... Or should I have a tomcat > user that belongs to the sudo group and call invoke commands as another > user?. I am totally lost and need some thread to start pulling from it. > > Thanks again, > > Jose > > > 2014-10-02 13:23 GMT+02:00 Brian B. <[email protected]>: > >> Hello Jose, >> >> It is never a good idea to have the public facing credentials be the same >> as the private credentials. That is if your public facing server is >> compromised your internal system is compromised. The limited cases where >> direct internal access are needed (e.g. SSH) should be handled by hardened >> servers. >> >> Allowing users to input executable commands on a webpage is also not a >> good security practice. This is essentially how the shellshock bug works. >> >> This is just my take on things but I would suggest building a different >> system. >> >> -- >> Regards, >> Brian >> >> On Oct 2, 2014, at 06:40, José Román Bilbao Castro <[email protected]> >> wrote: >> >> Hi all, >> >> First of all, this is my very first message to the list and don't even >> know if this is the proper place to port this message. >> >> I am facing a simple project that should allow a slurm user to monitor >> his jobs running on a slurm server. I have been looking at the Slurm >> authentication API but I cannot find anything useful for me as this seems >> to be applied to users already logged in the system. My question is where >> to start looking at (technologies, web development frameworks, etc...) to >> be able to enter a user/password on the web browser that coincides with >> that of the Linux user, send the credentials to the server, execute a slurm >> command on behalf of that user and print results back... >> >> May be this is a very complex question, but I have not much experience in >> web development and how it should be done to link slurm commands execution, >> specific user authorization, etc... >> >> Thanks in advance, >> >> Jose >> >> -- >> >> >> *José Román Bilbao Castro* >> >> Ingeniero Consultor >> +34 901009188 >> >> *[email protected] <[email protected]>**http://www.idiria.com >> <http://www.idiria.com/>* <*http:// <http://%20%20/>www.idiria.com/ >> <http://www.idiria.com/>*> >> >> -- >> Idiria Sociedad Limitada - Aviso legal >> >> Este mensaje, su contenido y cualquier fichero transmitido con él está >> dirigido únicamente a su destinatario y es confidencial. Por ello, se >> informa a quien lo reciba por error ó tenga conocimiento del mismo sin ser >> su destinatario, que la información contenida en él es reservada y su uso >> no autorizado, por lo que en tal caso le rogamos nos lo comunique por la >> misma vía o por teléfono (+ 34 690207492), así como que se abstenga de >> reproducir el mensaje mediante cualquier medio o remitirlo o entregarlo a >> otra persona, procediendo a su borrado de manera inmediata. >> >> Idiria Sociedad Limitada se reserva las acciones legales que le >> correspondan contra todo tercero que acceda de forma ilegítima al >> contenido de cualquier mensaje externo procedente del mismo. >> >> Para información y consultas visite nuestra web http://www.idiria.com >> >> >> >> Idiria Sociedad Limitada - Disclaimer >> This message, its content and any file attached thereto is for the >> intended recipient only and is confidential. If you have received this >> e-mail in error or had access to it, you should note that the information >> in it is private and any use thereof is unauthorised. In such an event >> please notify us by e-mail or by telephone (+ 34 690207492). Any >> reproduction of this e-mail by whatsoever means and any transmission or >> dissemination thereof to other persons is prohibited. It should be deleted >> immediately from your system. >> >> Idiria Sociedad Limitada reserves the right to take legal action against >> any persons unlawfully gaining access to the content of any external >> message it has emitted. >> >> For additional information, please visit our website >> http://www.idiria.com >> >> >> >> > > > -- > > > *José Román Bilbao Castro* > > Ingeniero Consultor > +34 901009188 > > *[email protected] <[email protected]>**http://www.idiria.com > <http://www.idiria.com/>* <*http:// <http://%20%20/>www.idiria.com/ > <http://www.idiria.com/>*> > > -- > Idiria Sociedad Limitada - Aviso legal > > Este mensaje, su contenido y cualquier fichero transmitido con él está > dirigido únicamente a su destinatario y es confidencial. Por ello, se > informa a quien lo reciba por error ó tenga conocimiento del mismo sin ser > su destinatario, que la información contenida en él es reservada y su uso > no autorizado, por lo que en tal caso le rogamos nos lo comunique por la > misma vía o por teléfono (+ 34 690207492), así como que se abstenga de > reproducir el mensaje mediante cualquier medio o remitirlo o entregarlo a > otra persona, procediendo a su borrado de manera inmediata. > > Idiria Sociedad Limitada se reserva las acciones legales que le > correspondan contra todo tercero que acceda de forma ilegítima al > contenido de cualquier mensaje externo procedente del mismo. > > Para información y consultas visite nuestra web http://www.idiria.com > > > > Idiria Sociedad Limitada - Disclaimer > This message, its content and any file attached thereto is for the > intended recipient only and is confidential. If you have received this > e-mail in error or had access to it, you should note that the information > in it is private and any use thereof is unauthorised. In such an event > please notify us by e-mail or by telephone (+ 34 690207492). Any > reproduction of this e-mail by whatsoever means and any transmission or > dissemination thereof to other persons is prohibited. It should be deleted > immediately from your system. > > Idiria Sociedad Limitada reserves the right to take legal action against > any persons unlawfully gaining access to the content of any external > message it has emitted. > > For additional information, please visit our website http://www.idiria.com > > > > > -- *José Román Bilbao Castro* Ingeniero Consultor +34 901009188 *[email protected] <[email protected]>**http://www.idiria.com <http://www.idiria.com/>* <*http:// <http://%20%20/>www.idiria.com/ <http://www.idiria.com/>*> -- Idiria Sociedad Limitada - Aviso legal Este mensaje, su contenido y cualquier fichero transmitido con él está dirigido únicamente a su destinatario y es confidencial. Por ello, se informa a quien lo reciba por error ó tenga conocimiento del mismo sin ser su destinatario, que la información contenida en él es reservada y su uso no autorizado, por lo que en tal caso le rogamos nos lo comunique por la misma vía o por teléfono (+ 34 690207492), así como que se abstenga de reproducir el mensaje mediante cualquier medio o remitirlo o entregarlo a otra persona, procediendo a su borrado de manera inmediata. Idiria Sociedad Limitada se reserva las acciones legales que le correspondan contra todo tercero que acceda de forma ilegítima al contenido de cualquier mensaje externo procedente del mismo. Para información y consultas visite nuestra web http://www.idiria.com Idiria Sociedad Limitada - Disclaimer This message, its content and any file attached thereto is for the intended recipient only and is confidential. If you have received this e-mail in error or had access to it, you should note that the information in it is private and any use thereof is unauthorised. In such an event please notify us by e-mail or by telephone (+ 34 690207492). Any reproduction of this e-mail by whatsoever means and any transmission or dissemination thereof to other persons is prohibited. It should be deleted immediately from your system. Idiria Sociedad Limitada reserves the right to take legal action against any persons unlawfully gaining access to the content of any external message it has emitted. For additional information, please visit our website http://www.idiria.com
