[gridengine users] SGE

Reuti reuti at staff.uni-marburg.de
Thu Sep 22 22:40:51 UTC 2011


Am 23.09.2011 um 00:36 schrieb Parul Kudtarkar:

> Thanks Reuti for quick response. Now is there a way to a way to ensure
> that when user 'X' submits jobs it gets submitted as user 'X' instead of
> root?

Remove the suid bit from `qsub`. And investigate who set it as it's a security concern. Maybe other software is tampered too.

-- Reuti


> Thanks and regards,
> Parul Kudtarkar
> 
>> Am 23.09.2011 um 00:25 schrieb Parul Kudtarkar:
>> 
>>> Dear Reuti and other users,
>>> 
>>> 1) When I look for share tree, it indicates that share tree is missing.
>>> $ qconf -sst
>>> No sharetree
>> 
>> Sure, I have none too. Have you implemented a share tree policy? If it's
>> gone for any reason, you have to define it again.
>> 
>> 
>>> Also the new users do not have "delete_time" in the entry.
>> 
>> You mean it 's zero or the line is missing? If it's zero, it's fine when
>> you want to use the share tree policy.
>> 
>> 
>>> Is there any way to retrieve back sharetree.
>> 
>> No. (You could process the accounting file and disable users by hand if
>> necssary when checking the used CPU time by them. But this is outside of
>> SGE.)
>> 
>> 
>>> 2)Yes, its true the user 'X' who submits job logged in as himself into
>>> the
>>> head node sees no jobs of himself, instead `qstat -u "*"` outputs that
>>> the
>>> user is who submitted the job is not user 'X' but root.
>>> 
>>> 3) should the owner be set to sge?
>> 
>> This doesn't matter. The odd thing is the set suid bit (if it's the case).
>> 
>> -- Reuti
>> 
>> 
>>> Thanks,
>>> Parul Kudtarkar
>>> 
>>>> Hi,
>>>> 
>>>> Am 22.09.2011 um 22:21 schrieb Parul Kudtarkar:
>>>> 
>>>>> Dear Grid Engine community,
>>>>> 
>>>>> We are using sge 6.2. Recently our users got dropped from the user
>>>>> list
>>>>> and only root and one other user was still retained(they can qsub,
>>>>> qstat
>>>>> jobs). Hence I added users using qconf -auser
>>>> 
>>>> you don't have to define any user beforehand. It will automatically be
>>>> added if a user submits a job. It's purpose is to define a place, where
>>>> the share tree policy can store the used resources over time. For such
>>>> users there should be no "delete_time" in the entry.
>>>> 
>>>> 
>>>>> Now even though the user is able to submit job logged in as himself on
>>>>> the
>>>>> head node it is actually root who is submitting job to the cluster(
>>>>> i.e.
>>>>> a
>>>>> user cannot qstat,
>>>> 
>>>> You mean he sees no jobs of himself, as the default is to list only
>>>> someone's own jobs? But `qstat -u "*"` will also list for him root as
>>>> the
>>>> owner.
>>>> 
>>>> 
>>>>> but root as super user can qstat and the user of the
>>>>> job is shown as root instead of the actual user who submitted the
>>>>> job).
>>>> 
>>>> Shot in the dark: in your installation `qsub` is owned by "root" and
>>>> someone set the "setuid" bit (for whatever reason).
>>>> 
>>>> Very evil, as you can collect much information about other users and
>>>> their
>>>> files this way.
>>>> 
>>>> -- Reuti
>>>> 
>>>> 
>>>>> Any ideas what may be causing this discrepancy?
>>>>> 
>>>>> Thanks,
>>>>> Parul
>>>>> --
>>>>> Parul Kudtarkar
>>>>> Scientific Programmer
>>>>> Center for Computational Regulatory Genomics
>>>>> Beckman Institute,
>>>>> California Institute of Technology
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> users at gridengine.org
>>>>> https://gridengine.org/mailman/listinfo/users
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 
> 





More information about the users mailing list