[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

Keith Brown wrote:
i understand you can run arbitrary code on HTc when using condor_submit.
That wasn't my concern at all. On our relatively large enterprise cluster,

Yes, it is, or we wouldn't be having this discussion.

like the user to run very basic commands such as 'top','vmstat' and force
timeout after the condor_ssh_job.

You can't reliably enforce this. If users can run arbitrary code then they can, for example, pack their own ssh daemons to bypass Condor's job ssh feature, their own shells that ignores your timeouts, and other tools that bypass all of your other constraints.

What to do? My suggestions:

Forget about trying to put constraints on Condor. At best this will only slightly inconvenience the bad users. At worst it will cause the good users to turn bad as bad user tricks circulate among the user base.

Instead, remind users that they've agreed to your site's Acceptable Use Policy. Remind them of the consequences of violating your AUP.

Have users police themselves. If demand exceeds capacity due to abusive behavior then there have to be users who are annoyed when other users hog compute nodes. Have these users report their annoyances to you so that you can a) confirm abusive behavior and b) bring down the AUP hammer as necessary.

You can take an intrusion detection approach. Enable system-wide monitoring of everything that users do, catalog it all, and search for aberrations that indicate usage outside of your AUP.

Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science