Re: [HTCondor-users] condor_ssh_to_job (HTCondor-users Digest, Vol 9, Issue 18)

["Marc W. Mengel" <mengel@xxxxxxxx>]

On 08/12/2014 07:11 PM, Keith Brown wrote:
> how can I set restrictions when a user ssh's to a job on a machine? I would
> like to set a shell with has access to very little commands and I want a
> timeout after 5 minutes.
> is anyone doing anything with this command? it convenient but users can
> take advantage of the slots by running interactive jobs.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://www-auth.cs.wisc.edu/lists/htcondor-users/attachments/20140812/09d19294/attachment.html>

Restricting what commands they can run is not really possible, unless
you have a very menu-ish system which allows only specific commands
with no shell escapes, print commands, etc.  There are various forms of
"restricted shell" setups out there, and all are imperfect.

Limiting how long they are logged in can be accomplished with doinkd
(formerly idled/ formerly untamo), which can warn them and kick them
off if they exceed a session limit, etc.

http://idled.cvs.sourceforge.net/viewvc/idled/doinkd/README?revision=1.1.1.1&view=markup