Moin, On Tue, 13 Jun 2023, 17:45:42 +0200, Hauke Fath wrote:
Hi,
I am currently exploring two options for resource managing, and wondering whether I am looking in the right spot...
(1) User access
We have a compute server that only some groups of users have access to, since the others' boss didn't chip in. I attempted to disable logins for users without a HOME on the machine by setting
DEFAULT_HOME no
in /etc/login.defs, but find that HOMEless people can still ssh in. What is the equivalent of the above option for sshd on Arch?
If they can login without a home directory, this means you must have password authentication left enabled. I'd clearly recommend to have only ssh-key based login enabled: PasswordAuthentication no Without it, access to ~user/.ssh/authorized_keys would simply fail.
(2) Resource control
On said server, I would like students' jobs to run at a lower priority. In a /etc/security/limits.d/nt-limits.conf file, I set priority limits for the respective groups
@students - priority 10
but they still login with default priority value. The system log has nothing relevant. Is this supposed to work, and what does it take to make it?
Linux kernels use resources as long as they are available. I saw this happening in Cloud scenarios where an app had cleanly defined CPU and RAM limits, but it used more than that. It is my understanding that whenever the system gets into bottlenecks, it'll kill (or apply restrictions in your case) when necessary. In such a situation the jobs of the students group get punished by the scheduler whenever needed.
Cheerio, Hauke
HTH, cheers. l8er manfred