Looks like users at LANL are not very nice ;)
Indeed, this is no hard security. Only a way to prevent users from doing
mistakes. We often give users special tuning for their application and
when they see their application is going faster, they start messing with
every parameter hoping that it will go even faster.
So, this feature is to prevent the dumb user from breaking everything, not
to prevent real sabotage.
On Fri, 4 Sep 2009, Ralph Castain wrote:
> Let me point out the obvious since this has plagued us at LANL with regard to
> this concept. If a user wants to do something different, all they have to do
> is download and build their own copy of OMPI.
> Amazingly enough, that is exactly what they do. When we build our production
> versions, we actually "no-build" modules we don't want them using (e.g.,
> certain BTL's that use privileged network interfaces) so even MCA params
> won't let them do something undesirable.
> No good - they just try until they realize it won't work, then download and
> build their own version...and merrily hose the system.
> My point here: this concept can help, but it should in no way be viewed as a
> solution to the problem you are trying to solve. It is at best a minor
> obstacle as we made it very simple for a user to circumvent such measures.
> Which is why I never made the effort to actually implement what was in that
> ticket. It was decided that it really wouldn't help us here, and would only
> result in further encouraging user-owned builds.
> On Sep 4, 2009, at 12:42 AM, Jeff Squyres wrote:
>> On Sep 4, 2009, at 8:26 AM, Nadia Derbey wrote:
>>>> Can the file name ( openmpi-priv-mca-params.conf ) also be configurable ?
>>> No, it isn't, presently, but this can be changed if needed.
>> If it's configurable, it must be configurable at configure time -- not run
>> time -- otherwise, a user could just give a different filename at runtime
>> and get around all the "privileged" values.
>> Jeff Squyres
>> devel mailing list
> devel mailing list