Differences

This shows you the differences between two versions of the page.

playground:documentation_admin_2.5.3 [2013/11/05 13:34] – [Installing the OAR batch system] capitn
playground:documentation_admin_2.5.3 [2013/11/05 13:44] (current) – [Security aspects in OAR] capitn
Line 34: Line 34:
  
 In OAR, security and user switching is managed by the "oardodo" command. It is In OAR, security and user switching is managed by the "oardodo" command. It is
-a suid binary executable only by root and the oar group members. This is used to +a suid binary executable only by root and the oar group members. This is used 
-launch commands, scripts with the privileges of a particular user. When +to launch commands, scripts with the privileges of a particular user. When 
-"oardodo" is called, it checks the value of the environment variable OARDO_BECOME_USER.+"oardodo" is called, it checks the value of the environment variable 
 +OARDO_BECOME_USER:
   * If this variable is empty, "oardodo" will execute the command with the privileges of the superuser (root).   * If this variable is empty, "oardodo" will execute the command with the privileges of the superuser (root).
   * Else, this variable contains the name of the user that will be used to execute the command.   * Else, this variable contains the name of the user that will be used to execute the command.
  
-Here are the scripts/modules where "oardodo" is called and which user is used during this call:+Here are the scripts/modules where "oardodo" is called and which user is used 
 +during this call:
   * oarsub: this script is used for submitting jobs or reservations.   * oarsub: this script is used for submitting jobs or reservations.
      * read user script      * read user script
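Review bot: in the rewrapped + lines, "to launch commands, scripts with the privileges of a particular user" still reads as a broken list; since the sentence is being touched anyway, make it "to launch commands and scripts with the privileges of a particular user". The paragraph also only covers the case where OARDO_BECOME_USER is empty (the command then runs as root); it would help to say whether an unset variable is treated the same way, because that default is the security-relevant part of this section.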
Line 46: Line 48:
      * SSH job keys management      * SSH job keys management
  
-    For all these functions, the user used in the OARDO_BECOME_USER variable is the user that submits the job.+    For all these functions, the user used in the OARDO_BECOME_USER variable is 
 +    the user that submits the job.
  
   * pingchecker: this module is used to check resources health. Here, the user is root.   * pingchecker: this module is used to check resources health. Here, the user is root.
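Review bot: the two + lines keep the four-space indent of the line they replace, and DokuWiki renders lines indented by two or more spaces as a preformatted block, so the new line break after "variable is" will show up as a hard break in monospace text instead of reflowing. Either keep the sentence on one line or drop the indent so it renders as a normal paragraph. "the user used in the OARDO_BECOME_USER variable" would also read better as "the user named in the OARDO_BECOME_USER variable".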
Line 68: Line 71:
  
   * oarsh: oar's ssh wrapper to connect from node to node. It contains all the context variables usefull for this connection.   * oarsh: oar's ssh wrapper to connect from node to node. It contains all the context variables usefull for this connection.
-     * display management and connection with a user job key file are executed as user.+     * display management and connection with a user job key file are executed 
 +       as user.
  
  
  
  
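Review bot: the continuation line "as user." in the + lines is indented but has no list marker, and a DokuWiki list item ends at the end of its line, so this wrap will split the bullet and render "as user." as a separate preformatted block. Keep the "display management and connection with a user job key file are executed as user." item on a single line. While here, "usefull" in the oarsh bullet above should be "useful", and "executed as user" could say which user is meant.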
playground/documentation_admin_2.5.3.txt · Last modified: 2013/11/05 13:44 by capitn