[slurm-users] What is an easy way to prevent users run programs on the master/login node.
Bas van der Vlies
bas.vandervlies at surf.nl
Thu May 20 16:02:03 UTC 2021
I know but see script we only do this for uid > 1000.
On 20/05/2021 17:29, Timo Rothenpieler wrote:
> You shouldn't need this script and pam_exec.
> You can set those limits directly in the systemd config to match every
> user.
>
> On 20.05.2021 16:28, Bas van der Vlies wrote:
>> same here we use the systemd user slice in out pam stack:
>> ```
>> # Setup for local and ldap logins
>> session required pam_systemd.so
>> session required pam_exec.so seteuid type=open_session
>> /etc/security/limits.sh
>> ```
>>
>> limit.sh:
>> ```
>> #!/bin/sh -e
>>
>> PAM_UID=$(getent passwd "${PAM_USER}" | cut -d: -f3)
>>
>> if [ "${PAM_UID}" -ge 1000 ]; then
>> /bin/systemctl set-property "user-${PAM_UID}.slice" CPUQuota=400%
>> CPUAccounting=true MemoryLimit=16G MemoryAccounting=true
>> fi
>> ```
>>
>> and also kill process that use to much time and exlude some processes:
>> *
>> https://github.com/basvandervlies/cf_surfsara_lib/blob/master/doc/services/sara_user_consume_resources.md
>
>
>
--
Bas van der Vlies
| HPCV Supercomputing | Internal Services | SURF |
https://userinfo.surfsara.nl |
| Science Park 140 | 1098 XG Amsterdam | Phone: +31208001300 |
| bas.vandervlies at surf.nl
More information about the slurm-users
mailing list