Re: [Condor-users] Job Submisison Authorization

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Tue, Jun 07, 2005 at 03:13:00PM +0100, Charles Kubicek wrote:
> 
> Currently there is nothing stopping a user on our campus from installing Condor
> on his/her laptop, joining our pool and submitting jobs. By using the
> ALLOW_READ and ALLOW_WRITE variables in the condor_config file we can either
> deny a machine from joining the pool AND deny a user/machine submitting jobs,
> or allow a user or machine to do both. How do we deny just job submission?

well, you can't exactly.  the authorization for job submission is done by the
schedd.  if i install condor on my laptop, i can set up my own schedd too, and
i can submit to that schedd.  so you can't stop people from submitting.

what you want to do is configure which jobs will actually get matched and run.

you can set up your pool policy to only run jobs from certain *users*.  but
alas, there isn't currently a way to restrict it by schedd.

or, if there were a way to have the collector accept startd ads but deny schedd
ads based on some policy, that would work for you.  but again, that just isn't
currently possible.  sorry to be the bearer of bad news.


cheers,
-zach