[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] How can I prevent condor_status to provide infoonthe pool PCs?
- Date: Fri, 20 Feb 2009 20:30:36 -0500
- From: Ian Chesal <ICHESAL@xxxxxxxxxx>
- Subject: Re: [Condor-users] How can I prevent condor_status to provide infoonthe pool PCs?
>>Ian Chesal wrote:
>> Don't put condor_status on the machines. You'll want it to be
>> from a network location for debugging purposes but you don't need to
>> putit on the machines running jobs.
> This is a rather insecure solution. An evil person at a public library
> may reinstall the condor_status executable and query the pool of
> I was looking for a solution, which configures the central manager
> such that it permits condor status queries *ONLY* to by the central
> manager itself. I thought the HOSTALLOW_READ macro in the central
> manager's config file would control this; but that does not seem to
> Hence, is there then no way to configure the central manager in such
> a way that it does not give the full pool information to all the pool
Are you certain your change took effect? Technically setting
HOSTALLOW_READ as you did on *just* the central manger should work. You
could try the collector-specific:
HOSTALLOW_READ_COLLECTOR = $(FULL_HOSTNAME)
IIRC you need a condor_restart for that to take effect.
This message may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution, or copying of this message, or any attachments, is strictly prohibited. If you have received this message in error, please advise the sender by reply e-mail, and delete the message and any attachments. Thank you.