[gridengine users] Best way to restrict a user to a specific exec host?
mun.johl at kazan-networks.com
Tue Apr 9 15:43:16 UTC 2019
Thank you for your reply!
Please see my comments below.
On Mon, Apr 08, 2019 at 10:27 PM PDT, Reuti wrote:
> > Am 09.04.2019 um 05:37 schrieb Mun Johl <mun.johl at kazan-networks.com>:
> > Hi all,
> > My company is hiring a contractor for some development work. As such, I
> > need to modify our grid configuration so that he only has access to a
> > single execution host. That particular host (let's call it serverA)
> > will not have all of our data disks mounted.
> > NOTE: We are running SGE v8.1.9 on systems running Red Hat Enterprise Linux v6.8 .
> > I'm not really sure how to proceed. I'm thinking of perhaps creating a
> > new queue which only resides on serverA.
> There is no need for an additional queue. You can add him to the xuser_lists of all oher queues. But a special queue with a limited number of slots might give the contractor more priority to check his develoment faster. Depends on personal taste whether this one is preferred. This queue could have a forced complex with a high urgency, which he always have to request (or you use JSV to add this to his job submissions).
How would I proceed if I did not create an additional queue? You have
me intrigued. That is, if I add him to the xuser_lists of all queues,
he wouldn't be able to submit a job, would he? Perhaps I'm confused.
> > We would ask the contractor to
> > specify this new queue for his jobs. Furthermore, I would add the
> > contractor to the xuser_lists of all other queues.
> > Does that sound reasonable
> > or is there an easier method for
> > accomplishing this task within SGE?
> > IF it makes sense to proceed in this manner, what is the easiest way to
> > add the username of the contractor to the xuser_lists parameter? Can I
> > simply add his username? Or do I need to create a new access list for him?
> $ qconf -au john_doe banned_users
Okay, so to confirm: I create the banned_users ACL and add that ACL to
all queues for which john_joe is banned. Correct?
Thanks again for your time and knowledge!
> > Any and all examples of how to implement this type of configuration
> > would be greatly appreciated since I am not an SGE expert by any stretch
> > of the imagination.
> > By the way, would the contractor only need an account on serverA in
> > order to utilize SGE? Or would he need an account on the grid master as
> > well?
> Are you not using a central user administration by NIS or LDAP?
> AFAICS he needs an entry only on the execution host (and on the submission host of course).
> -- Reuti
More information about the users