Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] can't have ADMIN acces

Date: Tue, 8 Apr 2008 11:14:37 -0400
From: "Frédéric Bastien" <nouiz@xxxxxxxxx>
Subject: Re: [Condor-users] can't have ADMIN acces

Hi,

Thanks for the explanation.

I took the information that condor_reconfig needed admin access from
the man page of condor_reconfig and the manual on the web site:
http://www.cs.wisc.edu/condor/manual/v7.0/condor_reconfig.html.

Here is the text:

"For security purposes (authentication and authorization), this
command requires an administrator's level of access. Note that changes
to the ALLOW_* and DENY_* configuration variables require the -full
option. See section 3.6.1 on page [*] for further explanation."

I havan't found the file of the documentation in the source of condor,
so I can't give a patch to fix the doc. But I'm not sur it is the doc
that should be fixed. My first thought would have been that
condor_reconfig need admin right.

Thanks for your time, now it work fine here.

Fred

On Mon, Apr 7, 2008 at 2:21 PM, Dan Bradley <dan@xxxxxxxxxxxx> wrote:
>
>
>  Frédéric Bastien wrote:
>  > Hi,
>  >
>  > Sorry to reply to myself, but I just understand that I should not mix
>  > the new(user based) and the old(ip based) security setting for a
>  > feature. So if I comment HOSTDENY_ADMINISTRATOR = *, my setup work.
>  >
>
>
>  You can mix the old and the new, but you must realize how they work
>  together.  If you deny access to *, that means nobody (including even
>  people who you explicitly authorize) can issue administrative commands.
>  In other words, any DENY (or HOSTDENY) setting overrides ALLOW (or
>  HOSTALLOW) settings.
>
>
>
>  > I have one other question. Both condor_restart and condor_reconfig
>  > need admin access.
>
>  Actually, from the code, I see that condor_reconfig only requires WRITE
>  access.  I do not know why, maybe for backwards compatibility at some
>  point in the past.  (The -full option to condor_reconfig, on the other
>  hand, requires administrative access.)
>
>  --Dan
>
>
>
>  _______________________________________________
>  Condor-users mailing list
>  To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
>  subject: Unsubscribe
>  You can also unsubscribe by visiting
>  https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
>  The archives can be found at:
>  https://lists.cs.wisc.edu/archive/condor-users/
>

References:
- [Condor-users] can't have ADMIN acces
  - From: Frédéric Bastien
- Re: [Condor-users] can't have ADMIN acces
  - From: Dan Bradley
- Re: [Condor-users] can't have ADMIN acces
  - From: Frédéric Bastien
- Re: [Condor-users] can't have ADMIN acces
  - From: Frédéric Bastien
- Re: [Condor-users] can't have ADMIN acces
  - From: Dan Bradley

Prev by Date: Re: [Condor-users] MyProxy failure
Next by Date: [Condor-users] Condor at AEI -- revisited, now with segfault!
Previous by thread: Re: [Condor-users] can't have ADMIN acces
Next by thread: [Condor-users] Quill and rdbms daemons dialog
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] can't have ADMIN acces