<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 9, 2012 at 9:05 AM, Mahmood Naderan <span dir="ltr"><<a href="mailto:nt_mahmood@yahoo.com" target="_blank">nt_mahmood@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">>A cron job that repeatedly touches /etc/nologin seems to do it for us<br>
</div>What is that file? I don't have that.<br></blockquote><div><br></div><div>you don't want it, unless you don't want </div><div>anybody to log in but the superuser.</div><div><br></div><div>if you have a file /etc/nologin on a machine,</div>
<div>any login (except for root) will fail and the </div><div>contents of this file will be displayed.</div><div><br></div><div>it is a bit like /etc/motd, but for when you</div><div>close a machine for maintenance. </div>
<div><br></div><div>oh, and particularly useful when doing</div><div>kernel updates, since it will be automatically</div><div>deleted upon reboot.</div><div><br></div><div>cheers,</div><div> axel.</div><div><br></div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Regards,<br>
Mahmood<br>
<div class="im HOEnZb"><br>
<br>
<br>
----- Original Message -----<br>
From: Jeff Anderson-Lee <<a href="mailto:jonah@eecs.berkeley.edu">jonah@eecs.berkeley.edu</a>><br>
To: Torque Users Mailing List <<a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a>><br>
</div><div class="HOEnZb"><div class="h5">Cc:<br>
Sent: Thursday, November 8, 2012 6:20 PM<br>
Subject: Re: [torqueusers] Prevent users to run commands directly<br>
<br>
A cron job that repeatedly touches /etc/nologin seems to do it for us.<br>
<br>
Jeff<br>
<br>
On 11/7/2012 7:34 PM, Henryk Modzelewski wrote:<br>
> Mahmood,<br>
><br>
> A clean solution is to use mom's prologue/epilogue to modify /etc/security/access.conf to add/remove particular user access privileges as controlled by pam access module. Users can still cheat around this once they have jobs running, but it takes some creativity to do so. I have been using this solution effectively for many years, and only occasionally had to punish somebody by deleting their non-torque processes.<br>
><br>
> Henryk<br>
> _______________________________________________________<br>
> Henryk Modzelewski, UBC EOS, SLIM/WFRT<br>
> Contact info: <a href="http://www.eos.ubc.ca/~henryk/" target="_blank">http://www.eos.ubc.ca/~henryk/</a><br>
><br>
> "If you get the results that you expected,<br>
> it does not always mean that you get the correct results."<br>
> _______________________________________________________<br>
><br>
> On Nov 7, 2012, at 6:40 AM, Mahmood Naderan wrote:<br>
><br>
>> I asked a similar question before<br>
>> <a href="http://www.supercluster.org/pipermail/torqueusers/2011-February/012283.html" target="_blank">http://www.supercluster.org/pipermail/torqueusers/2011-February/012283.html</a><br>
>><br>
>> There were some good points but I didn't implement a script. In general, to find out<br>
>><br>
>> if a running process has used qsub or not, you have to track the parents of the pid.<br>
>><br>
>> At the end, if you reach pbs_mom, then user has used qsub. Else he directly ran the<br>
>><br>
>> application. Then you can write a cron job and check the parents running processes<br>
>><br>
>> every hour.<br>
>><br>
>><br>
>> Regards,<br>
>> Mahmood<br>
>><br>
>><br>
>><br>
>> ________________________________<br>
>> From: Pablo Guaza Peces <<a href="mailto:pabloguaza@ugr.es">pabloguaza@ugr.es</a>><br>
>> To: Torque Users Mailing List <<a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a>><br>
>> Sent: Wednesday, November 7, 2012 11:13 AM<br>
>> Subject: [torqueusers] Prevent users to run commands directly<br>
>><br>
>> Hi Everybody!<br>
>> I just got my little cluster ready for execution and I was wondering if there's a way to prevent users to execute their programs directly, and only allow them to do that through Torque with qsub command.<br>
>><br>
>> I guess that all the programs that are run directly form the terminal bypassing Torque, prevent it to be 'conscious' of the resources usage, is that right?<br>
>><br>
>> Cheers<br>
>> _______________________________________________<br>
>> torqueusers mailing list<br>
>> <a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a><br>
>> <a href="http://www.supercluster.org/mailman/listinfo/torqueusers" target="_blank">http://www.supercluster.org/mailman/listinfo/torqueusers</a><br>
>> _______________________________________________<br>
>> torqueusers mailing list<br>
>> <a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a><br>
>> <a href="http://www.supercluster.org/mailman/listinfo/torqueusers" target="_blank">http://www.supercluster.org/mailman/listinfo/torqueusers</a><br>
> _______________________________________________<br>
> torqueusers mailing list<br>
> <a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a><br>
> <a href="http://www.supercluster.org/mailman/listinfo/torqueusers" target="_blank">http://www.supercluster.org/mailman/listinfo/torqueusers</a><br>
<br>
_______________________________________________<br>
torqueusers mailing list<br>
<a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a><br>
<a href="http://www.supercluster.org/mailman/listinfo/torqueusers" target="_blank">http://www.supercluster.org/mailman/listinfo/torqueusers</a><br>
<br>
_______________________________________________<br>
torqueusers mailing list<br>
<a href="mailto:torqueusers@supercluster.org">torqueusers@supercluster.org</a><br>
<a href="http://www.supercluster.org/mailman/listinfo/torqueusers" target="_blank">http://www.supercluster.org/mailman/listinfo/torqueusers</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Dr. Axel Kohlmeyer <a href="mailto:akohlmey@gmail.com" target="_blank">akohlmey@gmail.com</a><br><a href="http://sites.google.com/site/akohlmey/" target="_blank">http://sites.google.com/site/akohlmey/</a><br>
<br>Institute for Computational Molecular Science<br>Temple University, Philadelphia PA, USA.<br>
</div>