Re: [HTCondor-users] condor_ssh_to_job
- Date: Thu, 14 Aug 2014 10:24:14 -0400
- From: Rich Pieri <ratinox@xxxxxxx>
- Subject: Re: [HTCondor-users] condor_ssh_to_job
Keith Brown wrote:
> I understand you can run arbitrary code on HTc when using condor_submit.
> That wasn't my concern at all. On our relatively large enterprise cluster,

Yes, it is, or we wouldn't be having this discussion.

> like the user to run very basic commands such as 'top', 'vmstat' and force
> timeout after the condor_ssh_job.

You can't reliably enforce this. If users can run arbitrary code then
they can, for example, pack their own ssh daemons to bypass Condor's job
ssh feature, their own shells that ignore your timeouts, and other
tools that bypass all of your other constraints.

What to do? My suggestions:

Forget about trying to put constraints on Condor. At best this will only
slightly inconvenience the bad users. At worst it will cause the good
users to turn bad as bad user tricks circulate among the user base.

Instead, remind users that they've agreed to your site's Acceptable Use
Policy. Remind them of the consequences of violating your AUP.

Have users police themselves. If demand exceeds capacity due to abusive
behavior then there have to be users who are annoyed when other users
hog compute nodes. Have these users report their annoyances to you so
that you can a) confirm abusive behavior and b) bring down the AUP
hammer as necessary.

You can take an intrusion detection approach. Enable system-wide
monitoring of everything that users do, catalog it all, and search for
aberrations that indicate usage outside of your AUP.
--
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science
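
Added example, not part of the original message or of HTCondor: one concrete form of the monitoring approach suggested above, which flags listening TCP sockets owned by processes that descend from a `condor_starter`, keyed on process ancestry because a process name is user-controlled. The process and socket snapshots are constructed sample data, and the premise that jobs on the site are not expected to listen on TCP is an assumption about local policy.

```python
import re
# Constructed sample of `ps -eo pid,ppid,user,comm` on a hypothetical execute node.
PS_OUTPUT = """\
  PID  PPID USER     COMMAND
    1     0 root     systemd
  900     1 root     sshd
 1200     1 condor   condor_master
 1210  1200 condor   condor_shared_port
 1250  1200 condor   condor_startd
 4000  1250 condor   condor_starter
 4100  1250 condor   condor_starter
 4110  4100 bob      job.sh
 4312  4110 bob      helper
"""
# Constructed sample of `ss -H -ltnp` (listening TCP sockets and their owners).
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=900,fd=3))
LISTEN 0 128 0.0.0.0:9618 0.0.0.0:* users:(("condor_shared_port",pid=1210,fd=7))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("helper",pid=4312,fd=3))
"""

def parse_ps(text):
    """Return {pid: (ppid, user, comm)}, skipping the header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        pid, ppid, user, comm = line.split(None, 3)
        procs[int(pid)] = (int(ppid), user, comm)
    return procs

def under_starter(pid, procs):
    """True if some ancestor of pid is a condor_starter (pid is part of a job)."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        pid = procs[pid][0]
        if pid in procs and procs[pid][2] == "condor_starter":
            return True
    return False

def job_listeners(ps_text, ss_text):
    """List (user, pid, comm, local_addr) for listening sockets owned by job processes."""
    procs = parse_ps(ps_text)
    hits = []
    for line in ss_text.splitlines():
        local = line.split()[3]  # column 4 of ss output is Local Address:Port
        for pid in map(int, re.findall(r"pid=(\d+)", line)):
            if under_starter(pid, procs):
                hits.append((procs[pid][1], pid, procs[pid][2], local))
    return hits
```

On the sample data `job_listeners(PS_OUTPUT, SS_OUTPUT)` reports only bob's `helper` on port 2222; the system `sshd` and the HTCondor daemons are not flagged because none of their ancestors is a `condor_starter`.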