Hello José,
you might be interested in ubmod or its successor open xdmod. It's a system 
that queries SLURM regularly, writes the data into its own database and makes 
it available via webserver. You'd probably have to implement proper security 
measures for user  management.
Regards,
Lech
(sent from mobile)
Am 02.10.2014 14:38 schrieb =?ISO-8859-1?Q?Jos=E9_Rom=E1n_Bilbao_Castro?= 
<[email protected]>: 
Re: [slurm-dev] Re: Authentication and invoking slurm commands from
 web app
Thanks Brian,So you propose to have something like an intermediate database 
that maps web portal users to system users and make all calls internally from 
the webserver, right?. I just wanted to avoid the intermediate step for 
simplicity, but it seems to be a bad practice. So, regarding the second step... 
what is the safest and more logical manner of invoking slurm commands from the 
webserver?. I mean, at the end I must pass some credentials for the right 
user... Or should I have a tomcat user that belongs to the sudo group and call 
invoke commands as another user?. I am totally lost and need some thread to 
start pulling from it.Thanks again,Jose2014-10-02 13:23 GMT+02:00 Brian B. 
<[email protected]>:Hello Jose,It is never a good idea to have the public facing 
credentials be the same as the private credentials. That is if your public 
facing server is compromised your internal system is compromised. The limited 
cases where direct internal access are needed (e.g. SSH) should be handled by 
hardened servers. Allowing users to input executable commands on a webpage is 
also not a good security practice. This is essentially how the shellshock bug 
works. This is just my take on things but I would suggest building a different 
system. --Regards,BrianOn Oct 2, 2014, at 06:40, José Román Bilbao Castro 
<[email protected]> wrote: 
Hi all,First of all, this is my very first message to the list and don't even 
know if this is the proper place to port this message. I
 am facing a simple project that should allow a slurm user to monitor 
his jobs running on a slurm server. I have been looking at the Slurm 
authentication API but I cannot find anything useful for me as this 
seems to be applied to users already logged in the system. My question 
is where to start looking at (technologies, web development frameworks, 
etc...) to be able to enter a user/password on the web browser that 
coincides with that of the Linux user, send the credentials to the 
server, execute a slurm command on behalf of that user and print results
 back... May be this is a very complex question, but I 
have not much experience in web development and how it should be done to
 link slurm commands execution, specific user authorization, etc... Thanks in 
advance,Jose-- *José Román Bilbao Castro*Ingeniero Consultor+34 
[email protected]_http://www.idiria.com_ 
<http://www.idiria.com/_>--Idiria Sociedad Limitada - Aviso legalEste mensaje, 
su contenido y cualquier fichero transmitido con él está dirigido únicamente a 
su destinatario y es confidencial. Por ello, se informa a quien lo reciba por 
error ó tenga conocimiento del mismo sin ser su destinatario, que la 
información contenida en él es reservada y su uso no autorizado, por lo que en 
tal caso le rogamos nos lo comunique por la misma  vía o por teléfono (+ 34 
690207492), así como que se abstenga de reproducir el mensaje mediante 
cualquier medio o remitirlo o entregarlo a otra persona, procediendo a su 
borrado de manera inmediata.  Idiria Sociedad Limitada se reserva las acciones 
legales que le correspondan contra todo tercero que acceda de forma  ilegítima 
al contenido de cualquier mensaje externo procedente del mismo. Para 
información y consultas visite nuestra web http://www.idiria.com  Idiria 
Sociedad Limitada - DisclaimerThis message, its content and any file attached 
thereto is for the intended recipient only and is confidential. If you have 
received this e-mail in error or had access to it, you should note that the 
information in it is private and any use thereof is unauthorised. In such an 
event please notify us by e-mail or by telephone (+ 34 690207492). Any 
reproduction of this e-mail by whatsoever means and any transmission or 
dissemination thereof to other persons is prohibited. It should be deleted 
immediately from your system.Idiria Sociedad Limitada reserves the right to 
take legal action against any persons unlawfully gaining access to the content 
of any external message it has emitted.For additional information, please visit 
our website http://www.idiria.com  
-- *José Román Bilbao Castro*Ingeniero Consultor+34 
[email protected]_http://www.idiria.com_ 
<http://www.idiria.com/_>--Idiria Sociedad Limitada - Aviso legalEste mensaje, 
su contenido y cualquier fichero transmitido con él está dirigido únicamente a 
su destinatario y es confidencial. Por ello, se informa a quien lo reciba por 
error ó tenga conocimiento del mismo sin ser su destinatario, que la 
información contenida en él es reservada y su uso no autorizado, por lo que en 
tal caso le rogamos nos lo comunique por la misma  vía o por teléfono (+ 34 
690207492), así como que se abstenga de reproducir el mensaje mediante 
cualquier medio o remitirlo o entregarlo a otra persona, procediendo a su 
borrado de manera inmediata.  Idiria Sociedad Limitada se reserva las acciones 
legales que le correspondan contra todo tercero que acceda de forma  ilegítima 
al contenido de cualquier mensaje externo procedente del mismo. Para 
información y consultas visite nuestra web http://www.idiria.com  Idiria 
Sociedad Limitada - DisclaimerThis message, its content and any file attached 
thereto is for the intended recipient only and is confidential. If you have 
received this e-mail in error or had access to it, you should note that the 
information in it is private and any use thereof is unauthorised. In such an 
event please notify us by e-mail or by telephone (+ 34 690207492). Any 
reproduction of this e-mail by whatsoever means and any transmission or 
dissemination thereof to other persons is prohibited. It should be deleted 
immediately from your system.Idiria Sociedad Limitada reserves the right to 
take legal action against any persons unlawfully gaining access to the content 
of any external message it has emitted.For additional information, please visit 
our website http://www.idiria.com  

Reply via email to