[gridengine users] SGE

Parul Kudtarkar parulk at caltech.edu
Thu Sep 22 22:52:53 UTC 2011


Dear Reuti,

Thank you very much for resolving this issue. Appreciate your advice.

Thanks and regards,
Parul

> Am 23.09.2011 um 00:36 schrieb Parul Kudtarkar:
>
>> Thanks Reuti for quick response. Now is there a way to a way to ensure
>> that when user 'X' submits jobs it gets submitted as user 'X' instead of
>> root?
>
> Remove the suid bit from `qsub`. And investigate who set it as it's a
> security concern. Maybe other software is tampered too.
>
> -- Reuti
>
>
>> Thanks and regards,
>> Parul Kudtarkar
>>
>>> Am 23.09.2011 um 00:25 schrieb Parul Kudtarkar:
>>>
>>>> Dear Reuti and other users,
>>>>
>>>> 1) When I look for share tree, it indicates that share tree is
>>>> missing.
>>>> $ qconf -sst
>>>> No sharetree
>>>
>>> Sure, I have none too. Have you implemented a share tree policy? If
>>> it's
>>> gone for any reason, you have to define it again.
>>>
>>>
>>>> Also the new users do not have "delete_time" in the entry.
>>>
>>> You mean it 's zero or the line is missing? If it's zero, it's fine
>>> when
>>> you want to use the share tree policy.
>>>
>>>
>>>> Is there any way to retrieve back sharetree.
>>>
>>> No. (You could process the accounting file and disable users by hand if
>>> necssary when checking the used CPU time by them. But this is outside
>>> of
>>> SGE.)
>>>
>>>
>>>> 2)Yes, its true the user 'X' who submits job logged in as himself into
>>>> the
>>>> head node sees no jobs of himself, instead `qstat -u "*"` outputs that
>>>> the
>>>> user is who submitted the job is not user 'X' but root.
>>>>
>>>> 3) should the owner be set to sge?
>>>
>>> This doesn't matter. The odd thing is the set suid bit (if it's the
>>> case).
>>>
>>> -- Reuti
>>>
>>>
>>>> Thanks,
>>>> Parul Kudtarkar
>>>>
>>>>> Hi,
>>>>>
>>>>> Am 22.09.2011 um 22:21 schrieb Parul Kudtarkar:
>>>>>
>>>>>> Dear Grid Engine community,
>>>>>>
>>>>>> We are using sge 6.2. Recently our users got dropped from the user
>>>>>> list
>>>>>> and only root and one other user was still retained(they can qsub,
>>>>>> qstat
>>>>>> jobs). Hence I added users using qconf -auser
>>>>>
>>>>> you don't have to define any user beforehand. It will automatically
>>>>> be
>>>>> added if a user submits a job. It's purpose is to define a place,
>>>>> where
>>>>> the share tree policy can store the used resources over time. For
>>>>> such
>>>>> users there should be no "delete_time" in the entry.
>>>>>
>>>>>
>>>>>> Now even though the user is able to submit job logged in as himself
>>>>>> on
>>>>>> the
>>>>>> head node it is actually root who is submitting job to the cluster(
>>>>>> i.e.
>>>>>> a
>>>>>> user cannot qstat,
>>>>>
>>>>> You mean he sees no jobs of himself, as the default is to list only
>>>>> someone's own jobs? But `qstat -u "*"` will also list for him root as
>>>>> the
>>>>> owner.
>>>>>
>>>>>
>>>>>> but root as super user can qstat and the user of the
>>>>>> job is shown as root instead of the actual user who submitted the
>>>>>> job).
>>>>>
>>>>> Shot in the dark: in your installation `qsub` is owned by "root" and
>>>>> someone set the "setuid" bit (for whatever reason).
>>>>>
>>>>> Very evil, as you can collect much information about other users and
>>>>> their
>>>>> files this way.
>>>>>
>>>>> -- Reuti
>>>>>
>>>>>
>>>>>> Any ideas what may be causing this discrepancy?
>>>>>>
>>>>>> Thanks,
>>>>>> Parul
>>>>>> --
>>>>>> Parul Kudtarkar
>>>>>> Scientific Programmer
>>>>>> Center for Computational Regulatory Genomics
>>>>>> Beckman Institute,
>>>>>> California Institute of Technology
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> users mailing list
>>>>>> users at gridengine.org
>>>>>> https://gridengine.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>






More information about the users mailing list