Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] userprio security
- Date: Mon, 03 Apr 2006 15:54:13 -0500
- From: "David A. Kotz" <dkotz@xxxxxxxxxxxxx>
- Subject: Re: [Condor-users] userprio security
Roman Zubatyuk wrote:
Dear All,
I am using 6.7.13 I386-LINUX_RH72 codnor. I have ound that any user
of my central manager can change users priority factors. Please, can
you advise me the right configuration entry to disable it.
Thanks in advance,
Roman.
_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
Roman,
This is the section of the condor_config file you should look at and
adjust. I've left mine as $(CONDOR_HOST), which is the central manager,
because I don't allow users to log on to that machine.
##--------------------------------------------------------------------
## Host/IP access levels
##--------------------------------------------------------------------
## Please see the administrator's manual for details on these
## settings, what they're for, and how to use them.
## What machines have administrative rights for your pool? This
## defaults to your central manager. You should set it to the
## machine(s) where whoever is the condor administrator(s) works
## (assuming you trust all the users who log into that/those
## machine(s), since this is machine-wide access you're granting).
HOSTALLOW_ADMINISTRATOR = $(CONDOR_HOST)
## If there are no machines that should have administrative access
## to your pool (for example, there's no machine where only trusted
## users have accounts), you can uncomment this setting.
## Unfortunately, this will mean that administering your pool will
## be more difficult.
#HOSTDENY_ADMINISTRATOR = *
## What machines should have "owner" access to your machines, meaning
## they can issue commands that a machine owner should be able to
## issue to their own machine (like condor_vacate). This defaults to
## machines with administrator access, and the local machine. This
## is probably what you want.
HOSTALLOW_OWNER = $(FULL_HOSTNAME), $(HOSTALLOW_ADMINISTRATOR)