This shows you the differences between two versions of the page.
playground:documentation_admin_2.5.3 [2013/11/05 13:17] – created capitn | playground:documentation_admin_2.5.3 [2013/11/05 13:34] – [Installing the OAR batch system] capitn | ||
---|---|---|---|
Line 28: | Line 28: | ||
====== Installing the OAR batch system ====== | ====== Installing the OAR batch system ====== | ||
See http:// | See http:// | ||
+ | |||
+ | ====== Security aspects in OAR ====== | ||
+ | |||
+ | Like any other batch scheduler, OAR must become the users that submit jobs. | ||
+ | |||
+ | In OAR, security and user switching is managed by the " | ||
+ | a suid binary executable only by root and the oar group members. This is used to | ||
+ | launch commands, scripts with the privileges of a particular user. When | ||
+ | " | ||
+ | * If this variable is empty, " | ||
+ | * Else, this variable contains the name of the user that will be used to execute the command. | ||
+ | |||
+ | Here are the scripts/ | ||
+ | * oarsub: this script is used for submitting jobs or reservations. | ||
+ | * read user script | ||
+ | * connection to job and launch user remote shell | ||
+ | * SSH job keys management | ||
+ | |||
+ | For all these functions, the user used in the OARDO_BECOME_USER variable is the user that submits the job. | ||
+ | |||
+ | * pingchecker: | ||
+ | |||
+ | * OAR:: | ||
+ | * user notification: | ||
+ | |||
+ | * oarexec: executed on the first reserved node, oarexec executes the job prologue and initiate the job. | ||
+ | * the " | ||
+ | * " | ||
+ | * execution of a passive job in user mode | ||
+ | * getting of the user shell in user mode | ||
+ | * checkpointing in superuser mode | ||
+ | |||
+ | * job_resource_manager: | ||
+ | * cpuset creation and clean is executed in superuser mode | ||
+ | |||
+ | * oarsh_shell: | ||
+ | * cpuset filling, " | ||
+ | * TTY login is executed as user. | ||
+ | |||
+ | * oarsh: oar's ssh wrapper to connect from node to node. It contains all the context variables usefull for this connection. | ||
+ | * display management and connection with a user job key file are executed as user. | ||
+ | |||
+ | |||
+ | |||
+ |
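Review bot: The paragraph that introduces the suid binary ("In OAR, security and user switching is managed by ...") says it is executable by root and the oar group members and runs the command as whichever user the variable names, but it never states the consequence for administrators: as described, membership in the oar group amounts to the ability to run commands as any user. Suggest adding a sentence that says this explicitly, together with the expected owner, group and mode of the binary, so an installation can be checked against the documentation. The sentence "For all these functions, the user used in the OARDO_BECOME_USER variable is the user that submits the job." sits between list items; reword or indent it so it is clear that it refers to the oarsub sub-items above it. Two wording fixes in the same section: "usefull" in the oarsh item should be "useful", and "initiate the job" in the oarexec item should be "initiates the job".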