disadvantages of linux cluster - admin
M A Suzen
mehmet.suzen at bristol.ac.uk
Thu Nov 7 09:20:12 PST 2002
Restriction of usage should be applied, "never trust users."
But main idea of Cluster is increasing productivity and
reducing human work force, hence let them produce as well.
Basicly even if you give users a shell access, they may
exploit it anyway.
--On 07 November 2002 2:01pm +0100 Bogdan Costescu
<bogdan.costescu at iwr.uni-heidelberg.de> wrote:
> On Wed, 6 Nov 2002 alvin at Maggie.Linux-Consulting.com wrote:
>
>> - harden the server from the user standpoint
>> - remove passwd command, remove tar, remove make/gcc...
>
> I don't think that you are too serious here. I remember several years ago
> when the Ping-Of-Death was discussed on Bugtraq, somebody said that
> admins should remove (or remove access for users to) the "ping" program
> - yeah, sure, like nobody would be able to copy another ping binary or
> even compile its own.
> As you have to let users:
> - log on to the cluster to launch jobs
> - be able to copy files to/from cluster (otherwise you do need
> _infinite_ storage space attached to the cluster),
> you can't forbid installing their own versions of the same programs in
> their own home dir. It's usually as simple as:
>
> ./configure --prefix=/home/bogdan
>
> Having make/gcc/... unavailable is sometimes impossible - when
> development is one of the purposes of the cluster. But even if they are
> unavailable, it only takes another similarly configured system (and with
> Linux/*BSD it's trivial to do it these days) where the compilation takes
> place. Even when the architecture/OS is not readily available,
> cross-compiling can still be used to achieve the same goal.
>
>> changes... ( most expensive if it breaks - depending on 3rd party sw )
>> - you dont need to apply any new changes unless it
>> prevents some kind of functionality that is needed
>> and or a security vulnerability/exploitability
>
> He-he, I've found that most of the things that I want to do _do_ fall
> into these categories :-)
>
>> if one human needs help... its likely others will need the same help...
>> - send um to the internal "help docs"
>
> You probably missed the whole paragraph in RGB's message that was talking
> about users - I can only say that my experience here is perfectly
> described by this paragraph. Yeah, shoot them :-)
>
>> cheaper to buy 2 systems.... than it is to buy support contracts..
>> ( keep lots of "spare parts" floating around
>
> I'm constantly amazed at the prolonged support contracts (like 2-3 years)
> when, as you stated earlier, HW is out-of-stock or discontinued so fast.
> Do these people keep huge stocks of whatever parts they put in your
> system ? Even DIY approach of keeping spare (OK, let's say more than 1)
> parts seems a bit too much to me, unless the cluster _must_ be homogenous.
>
>> > * Shoot your users. G'wan, admit it, you've thought about it.
>>
>> give um GUIs to use .. :-)
>
> Noooo, I think some need direct brain UIs to be able to do something !
> Even so, I have doubts :-)
>
> --
> Bogdan Costescu
>
> IWR - Interdisziplinaeres Zentrum fuer Wissenschaftliches Rechnen
> Universitaet Heidelberg, INF 368, D-69120 Heidelberg, GERMANY
> Telephone: +49 6221 54 8869, Telefax: +49 6221 54 8868
> E-mail: Bogdan.Costescu at IWR.Uni-Heidelberg.De
>
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
More information about the Beowulf
mailing list