[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] How can I prevent condor_status to provide infoonthe pool PCs?



>>Ian Chesal wrote:
>>
>> Don't put condor_status on the machines. You'll want it to be
available
>> from a network location for debugging purposes but you don't need to
>> putit on the machines running jobs.
>
> This is a rather insecure solution. An evil person at a public library
PC
> may reinstall the condor_status executable and query the pool of
PCs....
>
> I was looking for a solution, which configures the central manager
> such that it permits condor status queries *ONLY* to by the central
> manager itself. I thought the HOSTALLOW_READ macro in the central
> manager's config file would control this; but that does not seem to
> work.
>
> Hence, is there then no way to configure the central manager in such
> a way that it does not give the full pool information to all the pool
> PCs?

Are you certain your change took effect? Technically setting
HOSTALLOW_READ as you did on *just* the central manger should work. You
could try the collector-specific:

HOSTALLOW_READ_COLLECTOR = $(FULL_HOSTNAME)

IIRC you need a condor_restart for that to take effect.

- Ian

Confidentiality Notice.
This message may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution,  or copying  of this message, or any attachments, is strictly prohibited.  If you have received this message in error, please advise the sender by reply e-mail, and delete the message and any attachments.  Thank you.