[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] How can I prevent condor_status to provide info onthe pool PCs?



> Therefore, I don't want users on pool PCs to be able to get info of
other > pool PCs by using the condor_status command. How can I prevent
this?

Don't put condor_status on the machines. You'll want it to be available
from a network location for debugging purposes but you don't need to put
it on the machines running jobs.

If you search the mailing list there was a thread a few years ago where
I was asking about the minimal set of binaries required to make a
machine function as an execute node.

Other binaries you'll want to keep off your machines:

condor_q
condor_prio
condor_userprio
condor_vacate
condor_rm
condor_off
condor_config_val
condor_birdwatcher
condor_submit
condor_submit_dag
condor_hold
condor_release
condor_collector
condor_schedd
condor_shadow
condor_wait

All of those are non-essential on a node that's not being used by humans
to interact with Condor.

> On the central manager, I use the macros HOSTALLOW_READ and
> HOSTALLOW_WRITE in the local configuration file. I expected
> that:
>
>   HOSTALLOW_READ = $(FULL_HOSTNAME)
>
> would work; $(FULL_HOSTNAME) refers to the hostname of/on the central
> manager, so that only the central manager can get that information.
> However, this does not work ?!?! Pool PCs still get the full info on
the
> Condor pool!
>
> Any other ideas?

See above. :)

- Ian

Confidentiality Notice.
This message may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution,  or copying  of this message, or any attachments, is strictly prohibited.  If you have received this message in error, please advise the sender by reply e-mail, and delete the message and any attachments.  Thank you.