[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] restricting access to certain condor commands

On Apr 2, 2009, at 10:58 AM, Steven Platt wrote:


I’m about to let some test users loose on a small linux cluster and it occurs to me that I’m going to want to restrict which condor_* commands they can run. On the only submit node, all condor_* commands are in the /opt/ condor/bin/ directory. Can I simply modify the permissions on these files so that regular users can only run e.g. condor_submit, condor_status & condor_q, and I (as admin) become part of the group owner who can run them all?

Or is there some internal command-calling by condor that will be severely shafted by this sort of change?

I ran a quick test and this worked for me.

What are you trying to prevent users from doing? The commands in bin are intended for users; the commands in sbin are intended for administrators. Many of the other commands in bin may be useful for users, such as condor_compile, condor_rm, condor_hold, condor_release...


(I seem to remember a similar topic on this list a few months back but couldn’t find the thread. Pointers to a searchable archive of this mailing list are also appreciated)

A search function is available here:




Dr Steven Platt
Bioinformatics Support Coordinator
Statistics, Modelling and Bioinformatics
Health Protection Agency
Centre for Infections
61 Colindale Avenue

Ian D. Alderman
office: 608.554.4605
main: 888.292.5320

Cycle Computing, LLC
Leader in Condor Grid Solutions
Enterprise Condor Support and Management Tools