[Moabusers] Re: moab.key

Douglas Wightman wightman at clusterresources.com
Thu Jul 5 11:54:00 MDT 2007 

mauth should be setuid root and the .moab.key file should be readable
only by root.  You may also want to upgrade to the latest as there have
been numerous enhancements to this interface.

- Douglas

On Thu, 2007-07-05 at 12:33 -0400, Justin Bronder wrote:
> Nope, it has the default permissions given by "make install".
> -rwxr-x--x 1 root root 2818984 Jul  5 12:10 /usr/bin/mauth
> 
> Should I add the setuid bit?
> 
> 
> On 05/07/07 10:16 -0600, Douglas Wightman wrote:
> > What are the permissions on the "mauth" binary?  Is it setuid root?
> > 
> > - Douglas
> > 
> > On Thu, 2007-07-05 at 12:14 -0400, Justin Bronder wrote:
> > > crash moab # moab --version        
> > > moab server version 5.1.0p5 (snap NA) (rev. 7371)
> > > crash moab # ls -l /var/spool/moab/.moab.key 
> > > -r--r--r-- 1 root root 5 Jun 22 12:32 /var/spool/moab/.moab.key
> > > crash moab # moab
> > > WARNING:  .moab.key exists but has invalid ownership/permissions
> > > crash moab # killall moab
> > > crash moab # chmod 400 /var/spool/moab/.moab.key 
> > > crash moab # moab
> > > jbronder at crash ~/moab $ showq
> > > ERROR:  cannot open keyfile '/var/spool/moab/.moab.key' for reading:
> > > Permission denied
> > > ERROR:  cannot open keyfile '/var/spool/moab/.moab.key' for reading:
> > > Permission denied
> > > ERROR:    server rejected request - could not authenticate client using
> > > .moab.key
> > > ERROR:    communication error crash:42559 (remote server rejected request,
> > > message 'no signature value specified')
> > > 
> > > Thanks,
> > > 
> > > 
> > > On 05/07/07 10:03 -0600, Douglas Wightman wrote:
> > > > There have been many enhancements (including error messages) added to
> > > > using the .moab.key file.  What Moab version are you using and what is
> > > > the error message when a normal user tries to run a client command?
> > > > 
> > > > Thanks,
> > > > 
> > > > - Douglas
> > > > 
> > > > On Thu, 2007-07-05 at 11:26 -0400, Justin Bronder wrote:
> > > > > We're using the /var/spool/moab/.moab.key file to allow multiple submit hosts
> > > > > to talk to the moab server.  However, I'm not sure of the permissions I
> > > > > should have set on the file.
> > > > > 
> > > > > If I set it as 400, the moab starts up fine, but any normal users cannot use
> > > > > any moab commands as they can't read the file.
> > > > > 
> > > > > If I set it as 444, then moab complains about invalid permissions on boot,
> > > > > but users can use the moab commands.
> > > > > 
> > > > > Is there a better way to be doing this?
> > > > > 
> > > > > Thanks,
> > > > > 
> > > > 
> > > > _______________________________________________
> > > > moabusers mailing list
> > > > moabusers at supercluster.org
> > > > http://www.supercluster.org/mailman/listinfo/moabusers
> > > 
> > 
> > _______________________________________________
> > moabusers mailing list
> > moabusers at supercluster.org
> > http://www.supercluster.org/mailman/listinfo/moabusers
>

More information about the moabusers mailing list