This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
playground:documentation_admin_2.5.3 [2013/11/05 13:34] – [Installing the OAR batch system] capitn | playground:documentation_admin_2.5.3 [2013/11/05 13:44] (current) – [Security aspects in OAR] capitn | ||
---|---|---|---|
Line 34: | Line 34: | ||
In OAR, security and user switching is managed by the " | In OAR, security and user switching is managed by the " | ||
- | a suid binary executable only by root and the oar group members. This is used to | + | a suid binary executable only by root and the oar group members. This is used |
- | launch commands, scripts with the privileges of a particular user. When | + | to launch commands, scripts with the privileges of a particular user. When |
- | " | + | " |
+ | OARDO_BECOME_USER: | ||
* If this variable is empty, " | * If this variable is empty, " | ||
* Else, this variable contains the name of the user that will be used to execute the command. | * Else, this variable contains the name of the user that will be used to execute the command. | ||
- | Here are the scripts/ | + | Here are the scripts/ |
+ | during this call: | ||
* oarsub: this script is used for submitting jobs or reservations. | * oarsub: this script is used for submitting jobs or reservations. | ||
* read user script | * read user script | ||
Line 46: | Line 48: | ||
* SSH job keys management | * SSH job keys management | ||
- | For all these functions, the user used in the OARDO_BECOME_USER variable is the user that submits the job. | + | For all these functions, the user used in the OARDO_BECOME_USER variable is |
+ | | ||
* pingchecker: | * pingchecker: | ||
Line 68: | Line 71: | ||
* oarsh: oar's ssh wrapper to connect from node to node. It contains all the context variables usefull for this connection. | * oarsh: oar's ssh wrapper to connect from node to node. It contains all the context variables usefull for this connection. | ||
- | * display management and connection with a user job key file are executed as user. | + | * display management and connection with a user job key file are executed |
+ | as user. | ||