Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Security: allow condor_submit, deny condor_advertise

Date: Fri, 30 Nov 2007 17:38:09 +0100
From: Jan Ploski <Jan.Ploski@xxxxxxxx>
Subject: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise

condor-users-bounces@xxxxxxxxxxx schrieb am 11/30/2007 04:56:59 PM:

> > I'd like to allow jobs to be submitted by anyone on machine X, but I 
would 
> > like to limit inserting machine ClassAds with condor_advertise to the 
root 
> > user on the same machine. Is there a way to enforce this sort of 
> > authorization (HOSTALLOW_WRITE is obviously too liberal)?
> 
> actually, there is now.  the below features will work in 6.9.5, released
> just this week.
> 
> you will want to set something similar to the below in your 
condor_config.
> this instructs the collector to have different allow lists for schedd 
and
> startd advertisements:
> 
>   ALLOW_ADVERTISE_SCHEDD = submithost.foo.com
>   ALLOW_ADVERTISE_STARTD = *.executehosts.foo.com

Thanks for the tip! I'm surprised to hear that one must switch to the 
development version to get it working, though. :-(

Best regards,
Jan Ploski

Follow-Ups:
- Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
  - From: Zachary Miller

References:
- Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
  - From: Zachary Miller

Prev by Date: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
Next by Date: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
Previous by thread: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
Next by thread: Re: [Condor-users] Security: allow condor_submit, deny condor_advertise
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] Security: allow condor_submit, deny condor_advertise