[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

On 08/23/2013 10:18 AM, Rich Pieri wrote:

...Look up ptrace() and it's related functions.

>   pgrep -u nobody

>   ps au | grep nobody | grep -v grep | awk '{print $2}'

>   pkill -9 -u nobody

>   kill -9 `ps au | grep nobody | grep -v grep | awk '{print $2}'`

> Whether or not you buy it depends on whether or not you think some of
> your users might ever be "clever" enough to use tricks like these to
> kill others' jobs, either to hinder rivals or free slots for their own jobs.

All of the above requires
a) somebody who's clever enough and
b) is specifically after others' jobs, and
c) you let them run their jobs on your cluster.

If that's the threat scenario you live in, you might want to check out
yama (made me look). Me, I expect highly trained core wars professionals
will eventually find a way around that as well as a way around per-slot
uids, so I'd be looking at c) first.

Dimitri Maziuk
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachment: signature.asc
Description: OpenPGP digital signature