[slurm-users] What is an easy way to prevent users run programs on the master/login node.
Timo Rothenpieler
timo.rothenpieler at uni-bremen.de
Thu May 20 15:29:54 UTC 2021
You shouldn't need this script and pam_exec.
You can set those limits directly in the systemd config to match every user.
On 20.05.2021 16:28, Bas van der Vlies wrote:
> same here we use the systemd user slice in out pam stack:
> ```
> # Setup for local and ldap logins
> session required pam_systemd.so
> session required pam_exec.so seteuid type=open_session
> /etc/security/limits.sh
> ```
>
> limit.sh:
> ```
> #!/bin/sh -e
>
> PAM_UID=$(getent passwd "${PAM_USER}" | cut -d: -f3)
>
> if [ "${PAM_UID}" -ge 1000 ]; then
> /bin/systemctl set-property "user-${PAM_UID}.slice" CPUQuota=400%
> CPUAccounting=true MemoryLimit=16G MemoryAccounting=true
> fi
> ```
>
> and also kill process that use to much time and exlude some processes:
> *
> https://github.com/basvandervlies/cf_surfsara_lib/blob/master/doc/services/sara_user_consume_resources.md
More information about the slurm-users
mailing list