How to Limit Access to Execution Hosts

Chris from BioTeam (and owner of gridengine.info) is always full of good Grid Engine advice. Below is a snippet from a recent email to the Grid Engine users alias that I found particularly clever. Chris explains how to keep users from bypassing Grid Engine and running work directly on machines in the grid:

    One trick that I've seen done with grid engine takes advantage of the fact that all Grid Engine launched cluster tasks are all going to be a child process of a sge_shepherd daemon. I've seen clusters where there was a recurring cron script that would search out and "kill -9" any user process that was not a child of a sge_shepherd. The end result was that nobody could run a job on a node unless it was under the control of the scheduler.

Another good suggestion presented by Thomas Reuter in another email is:

    SGE doesn't need rsh or ssh, so don't run an rshd on the machines and limit the ssh login in sshd_config to certain admin users (e.g. AllowUsers reuti).

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

templedf

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today