Greetings! We have a cluster (in the loosest, most generic application of that term) of machines running SL4.5, x86_64. I'll try to provide adequate but brief context before asking my actual question. There is one login node and a small finite number of compute nodes. The login node has two NICs, one facing the world with a public IP (and only port 22 open), and the second facing our private network. The compute nodes are only connected to the private net. Accounts are managed with NIS and /home and /usr/local are NFS-mounted. /opt is not. Users log into the login node and then ssh to a compute node to do work (over-simplification, but adequate for this discussion, I believe). Applications are either installed under /usr/local (available everywhere) or under /opt (available only on certain compute nodes). *Here's the actual question.* We would like to create accounts for restricted users, primarily for data sharing purposes. These users would have access to the filesystem as appropriate, but would not be allowed to run the applications living under /opt and /usr/local. A solution we have knocked around is to create a separate "non-compute" node for these users, and that node would not NFS-mount /usr/local. The users' login shell on the login node would be changed to a script that would log them into the "restricted users node," and when they log out from that node, they would be logged out of the login node as well. Suggestions? Better ideas? Pointers to RTFM? Thanks. Cheers, Pann -- Pann McCuaig <[log in to unmask]> 212-854-8689 Systems Coordinator, Economics Department, Columbia University Department Computing Resources: http://www.columbia.edu/cu/economics/computing/