Re: [HTCondor-users] condor_ssh_to_job

[Rich Pieri <ratinox@xxxxxxx>]

Keith Brown wrote:
> i understand you can run arbitrary code on HTc when using condor_submit.
> That wasn't my concern at all. On our relatively large enterprise cluster,

Yes, it is, or we wouldn't be having this discussion.


> like the user to run very basic commands such as 'top','vmstat' and force
> timeout after the condor_ssh_job.

You can't reliably enforce this. If users can run arbitrary code then 
they can, for example, pack their own ssh daemons to bypass Condor's job 
ssh feature, their own shells that ignores your timeouts, and other 
tools that bypass all of your other constraints.

What to do? My suggestions:

Forget about trying to put constraints on Condor. At best this will only 
slightly inconvenience the bad users. At worst it will cause the good 
users to turn bad as bad user tricks circulate among the user base.

Instead, remind users that they've agreed to your site's Acceptable Use 
Policy. Remind them of the consequences of violating your AUP.

Have users police themselves. If demand exceeds capacity due to abusive 
behavior then there have to be users who are annoyed when other users 
hog compute nodes. Have these users report their annoyances to you so 
that you can a) confirm abusive behavior and b) bring down the AUP 
hammer as necessary.

You can take an intrusion detection approach. Enable system-wide 
monitoring of everything that users do, catalog it all, and search for 
aberrations that indicate usage outside of your AUP.

--
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science