Control/manage users with a queuing scheduler

Ref: http://www.ibm.com/developerworks/linux/library/l-11sysadtips/index.html

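  1. Enable pam_access for sshd so that /etc/security/access.conf is enforced (run once per node; every run of this sed inserts the line again)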
    $pdsh  -wnode[1-61] 'sed -i "/#%PAM-1.0/a\account required  pam_access.so" /etc/pam.d/sshd'
  2. Deny login to all users except root (run once per node; ">>" appends another copy of the rule on every run)
    $pdsh  -wnode[1-61] 'echo "-:ALL EXCEPT root:ALL" >>/etc/security/access.conf'
  3. /opt/gridview/pbs/dispatcher/mom_priv/prologue
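    # Prologue: for every node listed in the job's node file, create a private
    # per-job temp directory and add the job owner to the access.conf rule so
    # that pam_access lets them log in.
    # Arguments: $1 - job id, $2 - job owner's user name, $3 - owner's group
    jobid=$1
    user=$2
    group=$3

    # All three values are pasted into command lines that run over ssh on each
    # node, so accept only characters that cannot change the meaning of those
    # commands. Brackets are allowed in the job id in case the scheduler uses
    # them for array jobs; widen the sets if your site's names need it.
    # NOTE(review): the exit status is non-zero here so the failure is visible;
    # confirm how your pbs_mom reacts to a failing prologue.
    case $jobid in
        ''|*[!][A-Za-z0-9._-]*) echo "prologue: unusable job id" >&2; exit 1 ;;
    esac
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "prologue: unusable user name" >&2; exit 1 ;;
    esac
    case $group in
        ''|-*|*[!A-Za-z0-9._-]*) echo "prologue: unusable group name" >&2; exit 1 ;;
    esac

    PBS_HOME=/opt/gridview/pbs/dispatcher/

    # One host per line; fall back to this host when the file is unreadable.
    nodefile=$PBS_HOME/aux/$jobid
    if [ -r "$nodefile" ]; then
        nodes=$(sort -u -- "$nodefile")
    else
        nodes=localhost
    fi

    # Optional per-user scratch directory (disabled):
    #export SCRATCH_DIR=/scratch/$user
    #if [ -d $SCRATCH_DIR ] ; then
    # if [ -w $SCRATCH_DIR ]; then
    # else
    # echo "The scratch dir $SCRATCH_DIR is not wriatable!"
    # exit 0
    # fi
    #else
    # mkdir -p $SCRATCH_DIR
    # chown $user.$group $SCRATCH_DIR
    #fi

    export TMP_DIR=/tmp/$user.$jobid
    # Intentionally unquoted: prints the node list on a single line.
    echo $nodes

    # Intentionally unquoted: one host per iteration.
    for node in $nodes; do
        # Create the job's temp dir (the original passed the unset $tmp to
        # mkdir, so nothing was ever created). The name under /tmp is
        # predictable, so chown -h acts on the path itself and never follows a
        # symlink that already exists there.
        ssh "$node" "mkdir -p -m 700 -- '$TMP_DIR' && chown -h -- '$user:$group' '$TMP_DIR'" ||
            echo "prologue: could not prepare $TMP_DIR on $node" >&2
        # Allow the user to log in: append the name to the exception list.
        # The substitution touches every line that ends in ":ALL", not only
        # the "-:ALL EXCEPT root:ALL" rule added during setup.
        ssh "$node" "perl -pi -e 's/:ALL\$/ $user :ALL/' /etc/security/access.conf" ||
            echo "prologue: could not update access.conf on $node" >&2
    done
    exit 0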
  4. /opt/gridview/pbs/dispatcher/mom_priv/epilogue
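    # Epilogue: for every node listed in the job's node file, delete the job's
    # temp directory and take the job owner back out of access.conf.
    # Arguments: $1 - job id, $2 - job owner's user name
    export LC_ALL=C

    jobid=$1
    user=$2

    # Both values end up in "rm -rf" and "perl -pi" command lines run over ssh
    # on each node, so refuse empty values and any character that could change
    # the meaning of those commands. Brackets are allowed in the job id in
    # case the scheduler uses them for array jobs.
    case $jobid in
        ''|*[!][A-Za-z0-9._-]*) echo "epilogue: unusable job id" >&2; exit 1 ;;
    esac
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "epilogue: unusable user name" >&2; exit 1 ;;
    esac

    # One host per line; fall back to this host when the file is unreadable.
    nodefile=/opt/gridview/pbs/dispatcher/aux/$jobid
    if [ -r "$nodefile" ]; then
        nodes=$(sort -u -- "$nodefile")
    else
        nodes=localhost
    fi

    export TMP_DIR=/tmp/$user.$jobid

    # Intentionally unquoted: one host per iteration.
    for node in $nodes; do
        ssh "$node" "rm -rf -- '$TMP_DIR'" ||
            echo "epilogue: could not remove $TMP_DIR on $node" >&2
        # root is named in the base rule itself ("-:ALL EXCEPT root:ALL");
        # stripping it would lock root out of the node as well.
        if [ "$user" != root ]; then
            # \Q..\E matches the name literally, and the lookahead requires the
            # name to end there, so removing "bob" cannot damage "bob-2".
            # NOTE(review): /g removes every occurrence, so a second job of the
            # same user still running on this node loses its login access too.
            ssh "$node" "perl -pi -e 's/ \Q$user\E(?=[\s:])//g' /etc/security/access.conf" ||
                echo "epilogue: could not update access.conf on $node" >&2
        fi
    done
    exit 0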