[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
- Date: Fri, 30 Nov 2007 09:56:59 -0600
- From: Zachary Miller <zmiller@xxxxxxxxxxx>
- Subject: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
> I'd like to allow jobs to be submitted by anyone on machine X, but I would
> like to limit inserting machine ClassAds with condor_advertise to the root
> user on the same machine. Is there a way to enforce this sort of
> authorization (HOSTALLOW_WRITE is obviously too liberal)?
actually, there is now. the below features will work in 6.9.5, released
just this week.
you will want to set something similar to the below in your condor_config.
this instructs the collector to have different allow lists for schedd and
ALLOW_ADVERTISE_SCHEDD = submithost.foo.com
ALLOW_ADVERTISE_STARTD = *.executehosts.foo.com