How to Limit Access to Execution Hosts
By templedf on Mar 14, 2007
Chris from BioTeam (and owner of gridengine.info) is always full of good Grid Engine advice. Below is a snippet from a recent email to the Grid Engine users alias that I found particularly clever. Chris explains how to keep users from bypassing Grid Engine and running work directly on machines in the grid:
One trick that I've seen done with grid engine takes advantage of the fact that all Grid Engine launched cluster tasks are all going to be a child process of a sge_shepherd daemon. I've seen clusters where there was a recurring cron script that would search out and "kill -9" any user process that was not a child of a sge_shepherd. The end result was that nobody could run a job on a node unless it was under the control of the scheduler.
SGE doesn't need rsh or ssh, so don't run an rshd on the machines and limit the ssh login in sshd_config to certain admin users (e.g. AllowUsers reuti).