diff -Naur ./trunk-3839/contrib/AddPrivileges ./new/contrib/AddPrivileges --- ./trunk-3839/contrib/AddPrivileges 2010-06-07 21:57:04.000000000 +0300 +++ ./new/contrib/AddPrivileges 2010-07-15 15:44:00.504158303 +0300 @@ -1,6 +1,6 @@ #! /bin/sh -### AddPrivileges ver 1.2 17 Mar 2010 ### +### AddPrivileges ver 1.4 12 Jul 2010 ### ### ------------------------------------------------------ ### ### This script creates Passwd&Group files and sets ### ### additional privileges only for Windows users ### @@ -37,7 +37,7 @@ --add add privileges - mom for Torque pbs_mom + mom for Torque pbs_mom (set the SeCreateTokenPrivilege) SYSTEM for native Windows user EOF @@ -46,7 +46,7 @@ -v | --v*) echo - echo " AddPrivileges ver 1.2 17 Mar 2010" + echo " AddPrivileges ver 1.4 12 Jul 2010" exit $? ;; @@ -99,12 +99,13 @@ editrights -a SeCreateTokenPrivilege -u "$CURRENTU" - echo " Set mom's privileges" + echo " Reboot your computer that the SeCreateTokenPrivilege has taken effect" fi editrights -a SeServiceLogonRight -u "$CURRENTU" +editrights -a SeAssignPrimaryTokenPrivilege -u "$CURRENTU" if [[ $? -eq $SUCCESS ]]; then diff -Naur ./trunk-3839/README.cygwin ./new/README.cygwin --- ./trunk-3839/README.cygwin 2010-07-09 20:40:07.000000000 +0300 +++ ./new/README.cygwin 2010-07-14 16:52:04.000000000 +0300 @@ -1,7 +1,7 @@ Tested with the stable release Cygwin 1.5.25 on -Windows XP Pro and on Windows Server 2003 SE (both 32-bit). +Windows XP Pro (32/64-bit) and on Windows Server 2003 SE (32-bit). Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7 Ultimate. Can be used on heterogeneous Torque clusters. @@ -11,7 +11,7 @@ Mail and drmaa are untested. In mom quota and setrlimit are not supported because Cygwin doesn't support ones. -Torque needs two Windows users (local or domain) on each host: +Torque needs at least two Windows users (local or domain) on each host: with Computer administrator privileges and with Limited account. Both users must be password protected. 
@@ -24,6 +24,10 @@ ### Install Cygwin ### ########################### +Following variants are recommended: + Cygwin 1.5.25 on Windows XP/Server 2003; + Cygwin 1.7.5 (or later) on Windows 7/Server 2008. + Enter into Windows as user . To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link. Download and run setup-legacy.exe. @@ -45,10 +49,15 @@ Download and install the default's and selected Cygwin packages. +Start a work on Cygwin with the following commands: + + #mkpasswd.exe -l -d > /etc/passwd + #mkgroup.exe -l -d > /etc/group + Setup openssh for and using the -ssh-host-config and ssh-user-config comands. +ssh-host-config and ssh-user-config commands Adjust an access without password prompting on each host. 
@@ -76,53 +85,64 @@ necessary for normal work Torque components. As a rule pbs_mom is demanded more privileges than pbs_server. -You may need to assign the user account of as well as to the correct -groups by hand (by default they are often assigned to "none" as primary group which causes a failure of -the admin check the Torque daemons perform at startup). The /etc/passwd should look similar to -the following: - -SYSTEM:*:18:544:,S-1-5-18:: -LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19:: -NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20:: -Administrators:*:544:544:,S-1-5-32-544:: -:unused:500:544:,:/home/:/bin/bash -:unused:17690:545:,,:/home/:/bin/bash - -Important is the number "544" in the line of the account which tells cygwin that the -belongs to the local Administrator group. The /etc/group file should contain something like - -SYSTEM:S-1-5-18:18: -Administrators::544: -Users::545: - -The AddPrivileges script adds the following permissions to the Torque daemons -depending on the Windows version: - -------------------------------------------------------------------------------------------------- -! !! ! ! ! -! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind ! -! !! ! ! ! -!===================!!=======================!==========================!==========================! -! !! ! ! ! -! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 ! -! !! ! ! ! -!-------------------!!-----------------------!--------------------------!--------------------------! -! !! ! ! ! -! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows XP/Server 2003 ! -! by !! ! SeCreateTokenPrivilege ! Windows 7 ! -! !! ! ! ! -!-------------------!!-----------------------!--------------------------!--------------------------! -! !! ! ! ! -! Windows service !! ! ! Windows XP ! -! by SYSTEM !! --- ! --- ! only ! -! !! ! ! ! -! !! ! ! ! 
- -------------------------------------------------------------------------------------------------- +Usage of privileges for known starts of Torque components is resulted in the tables: + + ------------------------------------------------------------------------------------------------------- +! ! +! Cygwin 1.5.25 ! +! ! +!-------------------------------------------------------------------------------------------------------! +! !! ! ! ! +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind ! +! !! ! ! ! +!===================!!=======================!===============================!==========================! +! !! ! ! ! +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 ! +! !! ! ! ! +!-------------------!!-----------------------!-------------------------------!--------------------------! +! !! ! ! ! +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows XP/Server 2003 ! +! by !! ! SeCreateTokenPrivilege ! Windows 7 ! +! !! ! ! ! +!-------------------!!-----------------------!-------------------------------!--------------------------! +! !! ! ! ! +! Windows service !! --- ! --- ! Windows XP ! +! by SYSTEM !! ! ! ! +! !! ! ! ! + ------------------------------------------------------------------------------------------------------- + + + ------------------------------------------------------------------------------------------------------- +! ! +! Cygwin 1.7.5 or later ! +! ! +!-------------------------------------------------------------------------------------------------------! +! !! ! ! ! +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind ! +! !! ! ! ! +!===================!!=======================!===============================!==========================! +! !! ! ! ! +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server 2003 ! +! !! ! ! ! +!-------------------!!-----------------------!-------------------------------!--------------------------! +! !! ! ! ! +! Windows service !! 
SeServiceLogonRight ! SeServiceLogonRight ! Windows 7 ! +! by !! ! SeCreateTokenPrivilege ! ! +! !! ! ! ! +!-------------------!!-----------------------!-------------------------------!--------------------------! +! !! ! ! ! +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows 7 ! +! by !! ! SeAssignPrimaryTokenPrivilege ! ! +! via LSA registry !! ! ! ! +! !! ! ! ! + ------------------------------------------------------------------------------------------------------- + Warning!!! You have to understand that a installing of additional privileges can decrease your OS security level. -Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls. +Reboot your computers that the SeCreateTokenPrivilege has taken effect! -Reboot your computers!!! +Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your firewalls. @@ -163,9 +183,9 @@ Set your server's hostsname in the .../torque/server_name file. -Submit jobs as with limited account. +Submit jobs as with Limited account. -For more details refer to the Torque documentation. +See more the Torque Documentations. @@ -196,7 +216,7 @@ #make install Configure and initiate Torque components. -Install the additional privileges (see above). +Instal the additional privileges (see above). Use cygrunsrv.exe for install, start, stop and remove services. See more cygrunsrv.exe --help. @@ -210,7 +230,9 @@ #./contrib/AddPrivileges --add mom #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u -w -On Windows XP also can start server-sched-mom as services by + + +Only on Windows XP also can start server-sched-mom as services by Windows native user SYSTEM (uid=18): #./contrib/AddPrivileges --add SYSTEM 
@@ -219,5 +241,24 @@ #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe + + +On Windows 7 with Cygwin 1.7.5 (or later) can use pbs_mom as services via the LSA private registry +area (http://cygwin.com/cygwin-ug-net/ntsec.html). Thus the very special and very dangerous +SeCreateTokenPrivilege is not required: + + #cygserver-config + #cygrunsrv.exe -S cygserver + +For each user: + #passwd -R + + #./contrib/AddPrivileges --add + #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u -w + +This variant of Torque start has been tested with MPICH2-1.2.1 on Windows 7 x86_64. + + + Services and privileges are managed via the Windows Control Panel or command line.
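
Review bot: In the contrib/AddPrivileges hunk at @@ -99,12 +99,13 @@, the added `editrights -a SeAssignPrimaryTokenPrivilege -u "$CURRENTU"` line sits between the SeServiceLogonRight call and `if [[ $? -eq $SUCCESS ]]`, so `$?` now reflects only the last editrights call and a failed SeServiceLogonRight grant goes unnoticed. Test each call's status, or chain the two calls with `&&`, before the `if`. The new line also comes after the `fi` that closes the SeCreateTokenPrivilege block, so every account passed to the script receives SeAssignPrimaryTokenPrivilege, while the README table in this same patch lists it only for pbs_mom in the "via LSA registry" row. Grant it under its own option so that pbs_server and pbs_sched accounts keep only SeServiceLogonRight.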
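
Review bot: In the README.cygwin hunk at @@ -45,10 +49,15 @@, `mkpasswd.exe -l -d > /etc/passwd` and `mkgroup.exe -l -d > /etc/group` overwrite both files through `>`, and the added text does not warn that existing entries are replaced. Add a line telling the reader to back up /etc/passwd and /etc/group first. The corrected "ssh-host-config and ssh-user-config commands" line also drops the period that ended the sentence.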
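
Review bot: The README.cygwin hunk at @@ -76,53 +85,64 @@ removes the explanation that the administrator account must have primary group 544, or the admin check the Torque daemons perform at startup fails, and nothing in the added lines replaces it. Keep one sentence telling the reader to verify the group id after the mkpasswd/mkgroup step. In the "Cygwin 1.7.5 or later" table the "Cygwin daemon" row is given for Windows XP/Server 2003, while the "Install Cygwin" hunk recommends 1.7.5 for Windows 7/Server 2008; say whether that combination was tested. "Reboot your computers that the SeCreateTokenPrivilege has taken effect!" would read better as "Reboot your computers so that the SeCreateTokenPrivilege takes effect."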
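
Review bot: In the README.cygwin hunk at @@ -163,9 +183,9 @@, the replacement line "See more the Torque Documentations." is less clear than the removed "For more details refer to the Torque documentation."; keep the original sentence.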
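
Review bot: The README.cygwin hunk at @@ -196,7 +216,7 @@ changes the correctly spelled "Install the additional privileges (see above)." to "Instal ..."; drop this hunk.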
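
Review bot: In the README.cygwin hunk at @@ -219,5 +241,24 @@, the "For each user:" step gives `passwd -R` with no statement of what it stores, although the paragraph presents this variant as the alternative to the "very dangerous" SeCreateTokenPrivilege. Add one sentence saying that the command saves the user's password in the LSA private registry area named in the paragraph, so administrators can weigh that against the Warning in the privileges section. Also state whether a reboot is needed for this variant, since the reboot note earlier in the patch mentions only SeCreateTokenPrivilege.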