Re: [Condor-users] security problems with Condor 7.6.2

Hi Dan/Zach,


Thanks for the quick reply. Non-admin users don’t have write access to the condor_config file but what about this scenario:


An unprivileged user copies the system condor_config file and now has write access to their own copy.

They then edit their own copy to their liking, point their CONDOR_CONFIG environment variable at it and issue a condor_reconfig.

Would this not change the system configuration? Or are there some values that cannot be changed without ADMINISTRATOR authorization?


On the other bit, I did try clearing out all of the HOSTALLOW authorizations by setting them to null but I still got the same thing.






For better or worse, "reconfig" is just a write-level command.  It does not require CONFIG or ADMINISTRATOR access.

The ability to set configuration values with condor_config_val is different.  That requires CONFIG level access.

As for why the WRITE-level authorization is being applied to the whole host ... does your configuration define HOSTALLOW_WRITE?  The HOSTALLOW settings are added to the ALLOW settings.


On 8/15/11 10:12 AM, Smith, Ian wrote:

Dear All,


I’m trying to set up a new Condor central manager / submit host using v. 7.6.2 but I’m tearing my hair out over a potential security hole. It seems that if I give ordinary users WRITE access so that they can submit jobs then they are also capable of reconfiguring the Condor installation (bit of a scary thought!) and there seems to be no way of preventing them from doing this without preventing them from submitting jobs (Catch 22).


In my condor_config I have





CONDOR_USERS = smithic@xxxxxxxxxxxxxxx/ulgp5.liv.ac.uk

ADMIN_USERS  = condor@xxxxxxxxxxxxxxx/ulgp5.liv.ac.uk







(I’ve not put in the execute hosts yet – I’m trying to keep it simple to begin with).


When I do a condor_reconfig as a non-admin user I see this in MasterLog:


PERMISSION GRANTED to smithic@xxxxxxxxxxxxxxx from host

for command 60012 (DC_RECONFIG_FULL), access level WRITE: reason:

WRITE authorization policy allows IP address; identifiers used for this remote host:,ulgp5.liv.ac.uk,ulgp5


It seems as if the host based authorization is taking precedence over the user based authorization. I’m wondering if this is something to do with the move to drop/discourage the use of HOSTALLOW_*.


Any help with this would be extremely useful as I’ve been stuck on this for a week now.


Many thanks,





Advanced Research Computing,

University of Liverpool, UK.


PS I’m using Scientific Linux 6.1 on an x86_64 Dell server.
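
Added example (not part of the original thread and not Condor's own code): a small MasterLog scanner that flags the pattern in the log excerpt above, a DC_RECONFIG_FULL command granted at WRITE level because the host's IP address matched the policy. It assumes each entry sits on one line in the format quoted in the thread; the sample lines, addresses, host names and the OTHER_CMD entry are constructed.

```python
import re

# Pattern follows the MasterLog entry quoted in the thread. The host/IP fields
# were redacted there, so the samples below fill them with constructed values.
GRANT_RE = re.compile(
    r"PERMISSION GRANTED to (?P<user>\S+) from host (?P<host>\S+) "
    r"for command (?P<num>\d+) \((?P<cmd>\w+)\), access level (?P<level>\w+): "
    r"reason: (?P<reason>.*)$"
)

# Commands to review when they are granted by a host-wide rule.
WATCHED = {"DC_RECONFIG_FULL"}


def host_based_grants(lines, watched=WATCHED):
    """Return grants of watched commands whose stated reason is an IP-address
    match, i.e. the whole host was authorized rather than a specific user."""
    hits = []
    for line in lines:
        m = GRANT_RE.search(line)
        if not m or m["cmd"] not in watched:
            continue
        if "policy allows IP address" in m["reason"]:
            hits.append({k: m[k] for k in ("user", "host", "cmd", "level")})
    return hits


# Constructed sample log lines (documentation addresses, placeholder names).
SAMPLE = [
    "08/15/11 10:01:02 PERMISSION GRANTED to smithic@example.org from host "
    "192.0.2.10 for command 60012 (DC_RECONFIG_FULL), access level WRITE: "
    "reason: WRITE authorization policy allows IP address 192.0.2.10; "
    "identifiers used for this remote host: 192.0.2.10,ulgp5.example.org,ulgp5",
    # Placeholder command number and name: matched by the pattern, not watched.
    "08/15/11 10:01:05 PERMISSION GRANTED to smithic@example.org from host "
    "192.0.2.10 for command 0 (OTHER_CMD), access level WRITE: "
    "reason: WRITE authorization policy allows IP address 192.0.2.10",
    # Constructed reason text (not real Condor wording): not an IP-based grant.
    "08/15/11 10:02:00 PERMISSION GRANTED to condor@example.org from host "
    "192.0.2.10 for command 60012 (DC_RECONFIG_FULL), access level WRITE: "
    "reason: constructed non-IP reason",
    "08/15/11 10:02:30 unrelated constructed log line",
]

if __name__ == "__main__":
    for hit in host_based_grants(SAMPLE):
        print("host-wide WRITE grant: {cmd} by {user} from {host}".format(**hit))
```

Any hit means the WRITE list in effect contains a host or IP entry, which is what the reply's question about HOSTALLOW_WRITE is checking for.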






