Am 23.09.2011 um 00:36 schrieb Parul Kudtarkar: > Thanks Reuti for quick response. Now is there a way to a way to ensure > that when user 'X' submits jobs it gets submitted as user 'X' instead of > root?
Remove the suid bit from `qsub`. And investigate who set it as it's a security concern. Maybe other software is tampered too. -- Reuti > Thanks and regards, > Parul Kudtarkar > >> Am 23.09.2011 um 00:25 schrieb Parul Kudtarkar: >> >>> Dear Reuti and other users, >>> >>> 1) When I look for share tree, it indicates that share tree is missing. >>> $ qconf -sst >>> No sharetree >> >> Sure, I have none too. Have you implemented a share tree policy? If it's >> gone for any reason, you have to define it again. >> >> >>> Also the new users do not have "delete_time" in the entry. >> >> You mean it 's zero or the line is missing? If it's zero, it's fine when >> you want to use the share tree policy. >> >> >>> Is there any way to retrieve back sharetree. >> >> No. (You could process the accounting file and disable users by hand if >> necssary when checking the used CPU time by them. But this is outside of >> SGE.) >> >> >>> 2)Yes, its true the user 'X' who submits job logged in as himself into >>> the >>> head node sees no jobs of himself, instead `qstat -u "*"` outputs that >>> the >>> user is who submitted the job is not user 'X' but root. >>> >>> 3) should the owner be set to sge? >> >> This doesn't matter. The odd thing is the set suid bit (if it's the case). >> >> -- Reuti >> >> >>> Thanks, >>> Parul Kudtarkar >>> >>>> Hi, >>>> >>>> Am 22.09.2011 um 22:21 schrieb Parul Kudtarkar: >>>> >>>>> Dear Grid Engine community, >>>>> >>>>> We are using sge 6.2. Recently our users got dropped from the user >>>>> list >>>>> and only root and one other user was still retained(they can qsub, >>>>> qstat >>>>> jobs). Hence I added users using qconf -auser >>>> >>>> you don't have to define any user beforehand. It will automatically be >>>> added if a user submits a job. It's purpose is to define a place, where >>>> the share tree policy can store the used resources over time. For such >>>> users there should be no "delete_time" in the entry. >>>> >>>> >>>>> Now even though the user is able to submit job logged in as himself on >>>>> the >>>>> head node it is actually root who is submitting job to the cluster( >>>>> i.e. >>>>> a >>>>> user cannot qstat, >>>> >>>> You mean he sees no jobs of himself, as the default is to list only >>>> someone's own jobs? But `qstat -u "*"` will also list for him root as >>>> the >>>> owner. >>>> >>>> >>>>> but root as super user can qstat and the user of the >>>>> job is shown as root instead of the actual user who submitted the >>>>> job). >>>> >>>> Shot in the dark: in your installation `qsub` is owned by "root" and >>>> someone set the "setuid" bit (for whatever reason). >>>> >>>> Very evil, as you can collect much information about other users and >>>> their >>>> files this way. >>>> >>>> -- Reuti >>>> >>>> >>>>> Any ideas what may be causing this discrepancy? >>>>> >>>>> Thanks, >>>>> Parul >>>>> -- >>>>> Parul Kudtarkar >>>>> Scientific Programmer >>>>> Center for Computational Regulatory Genomics >>>>> Beckman Institute, >>>>> California Institute of Technology >>>>> >>>>> >>>>> _______________________________________________ >>>>> users mailing list >>>>> [email protected] >>>>> https://gridengine.org/mailman/listinfo/users >>>> >>>> >>> >>> >>> >>> >> >> > > > _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
