PDA

View Full Version : lmgrd accepting stray requests



GeorgiaP
06-09-2009, 02:28 PM
Hi. Stray user, somewhere on the network, issues a license management command, and our license manager accepts it!

We have several products that run under lmgrd (FlexLM), including Totalview, and have run into this occasionally in the past. Recently the Totalview lmgrd accepted a license re-read request, which is pretty innocuous, but led to some interesting troubleshooting before we found the re-read in the logfile. A long time ago, we had an lmgrd that accepted a shutdown request, which was obviously more painful. At the time, we obtained some settings that would (allegedly) inoculate the daemon against those stray requests, but we have lost that information.

Any ideas? I don't believe it was anything in the license.opt file, I believe it was startup parameters.

PeterT-RogueWave
06-15-2009, 03:31 PM
Hi Georgia,

That does sound a bit odd. Theoretically the license manager should only accept requests from a privileged user, so either root or whoever is the user assigned to the license. It should not accept requests from Joe Random User. But if the user is privileged, I don't know of anyway to prevent them from issuing lmgrd commands. I don't know if you have a single flex manager running for all your Flex licenses, or if you have separate ones for say, TotalView and MatLab. But it seems to me it would be easy enough for someone to issue a command meant for one license server, and end up affecting all of them. Certainly the lmstat command works for all FlexLM licenses that your LM_LICENSE_FILE can access.

So, it doesn't sound that hard to do something wrong, but it should only be for the privileged user.

Let me know if that makes sense.

Regards,

GeorgiaP
06-15-2009, 04:06 PM
Hi, Peter, let me clarify:

Stray - but privileged - user somewhere on the subnet,
issues a command and our license daemon responds.
That is, the user is privileged on SOME node, SOMEWHERE
on the subnet, NOT on our license server, but our
daemon accepts it anyway. I guess said user must have
had a Totalview LM_LICENSE_FILE in their environment
at the time.

Yikes. I could have sworn we were once able to limit this.

-Thanks
gap