[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] can't have ADMIN acces





Frédéric Bastien wrote:
Hi,

Sorry to reply to myself, but I just understand that I should not mix
the new(user based) and the old(ip based) security setting for a
feature. So if I comment HOSTDENY_ADMINISTRATOR = *, my setup work.


You can mix the old and the new, but you must realize how they work together. If you deny access to *, that means nobody (including even people who you explicitly authorize) can issue administrative commands. In other words, any DENY (or HOSTDENY) setting overrides ALLOW (or HOSTALLOW) settings.


I have one other question. Both condor_restart and condor_reconfig
need admin access.

Actually, from the code, I see that condor_reconfig only requires WRITE access. I do not know why, maybe for backwards compatibility at some point in the past. (The -full option to condor_reconfig, on the other hand, requires administrative access.)

--Dan