[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Security: allow condor_submit, deny condor_advertise

condor-users-bounces@xxxxxxxxxxx schrieb am 11/30/2007 04:56:59 PM:

> > I'd like to allow jobs to be submitted by anyone on machine X, but I 
> > like to limit inserting machine ClassAds with condor_advertise to the 
> > user on the same machine. Is there a way to enforce this sort of 
> > authorization (HOSTALLOW_WRITE is obviously too liberal)?
> actually, there is now.  the below features will work in 6.9.5, released
> just this week.
> you will want to set something similar to the below in your 
> this instructs the collector to have different allow lists for schedd 
> startd advertisements:
>   ALLOW_ADVERTISE_SCHEDD = submithost.foo.com
>   ALLOW_ADVERTISE_STARTD = *.executehosts.foo.com

Thanks for the tip! I'm surprised to hear that one must switch to the 
development version to get it working, though. :-(

Best regards,
Jan Ploski