Am 09.04.2015 um 21:23 schrieb Chris Dagdigian: > > I'm one of the people who has been arguing for years that technological > methods for stopping abuse of GE systems never work in the long term because > motivated users always have more time and interest than overworked admins so > it's kind of embarrassing to ask this but ... > > Does anyone have a script that runs on a node and prints out all the userland > processes that are not explicitly a child of a sge_sheperd daemon? > > I'm basically looking for a light way to scan a node just to see if there are > users/tasks running that are outside the awareness of the SGE qmaster. Back > in the day when we talked about this it seemed that one easy method was just > looking for user stuff that was not a child process of a SGE daemon process. > > The funny thing is that it's not the HPC end users who do this. As the > grid(s) get closer and closer to the enterprise I'm starting to see software > developers and others trying to play games and then plead ignorance when > asked "why did you SSH to a compute node and start a tomcat service out of > your home directory?". heh.
Why allow `ssh` to a node at all? In my installations only the admins can do this. If users want to peek around on a node I have an interactive queue with a h_cpu limit of 60 seconds for this. So even login in to a node is controlled by SGE. -- Reuti > > -chris > > > > _______________________________________________ > users mailing list > [email protected] > https://gridengine.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
