Mailing List ArchivesPublic Access |
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesPublic Access |
|
On 8/12/2014 8:11 PM, Keith Brown wrote:Not really possible. Condor permits users to run pretty much any code
> how can I set restrictions when a user ssh's to a job on a machine? I would
> like to set a shell with has access to very little commands and I want a
> timeout after 5 minutes.
they want. This can be used to bypass any chroot() jails and limited
shells that you create. For example, a custom sshd that ignores a user's
default shell and home directory and uses whatever environment that
Condor provides instead.
If you don't want users running interactively on compute nodes then
don't give them any access to those nodes. Put them behind a firewall
and only allow access via the job submission system.
--
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/