I learned during the condor week that one should not allow general
access to the central manager as this gives (by default) administrator
powers . Having already made a mistake of making the central manager
the same as my submit host, will it be sufficient to make the sbin
directory inaccessible to non-root?