[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job (HTCondor-users Digest, Vol 9, Issue 18)

On 08/12/2014 07:11 PM, Keith Brown wrote:
how can I set restrictions when a user ssh's to a job on a machine? I would
like to set a shell with has access to very little commands and I want a
timeout after 5 minutes.
is anyone doing anything with this command? it convenient but users can
take advantage of the slots by running interactive jobs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www-auth.cs.wisc.edu/lists/htcondor-users/attachments/20140812/09d19294/attachment.html>

Restricting what commands they can run is not really possible, unless
you have a very menu-ish system which allows only specific commands
with no shell escapes, print commands, etc.  There are various forms of
"restricted shell" setups out there, and all are imperfect.

Limiting how long they are logged in can be accomplished with doinkd
(formerly idled/ formerly untamo), which can warn them and kick them
off if they exceed a session limit, etc.