Re: [HTCondor-users] Windows - Encrypt_Execute_Directory

[Todd Tannenbaum <tannenba@xxxxxxxxxxx>]

On 8/12/2021 10:32 AM, John M Knoeller wrote:

If you want to force encryption on the submit,  then you would instead add that as a submit transform in the schedd.

Add something like this to the configuration of the schedd

   JOB_TRANFORM_NAMES = $(JOB_TRANFORM_NAMES) Encrypt

   JOB_TRANSFORM_Encrypt @=end

        SET EncryptExecuteDirectory = true

        # optionally also force match to nodes that can encrypt.  (not all Linux nodes can encrypt)

        SET Requirements = ( $(MY.Requirements) ) && TARGET.HasEncryptExecuteDirectory 

   @end

This will override the value of the Job's attribute at submit time.

    Hi Greg,
    
    In addition to the above, you may want to consider adding the
    following line to your config if you want to deny users the ability
    to edit this attribute after submission:
    
         # Do not allow users to edit the value of
      EncryptExecuteDirectory after submission
         # via tools like condor_qedit or chirp.
         IMMUTABLE_JOB_ATTRS = $(IMMUTABLE_JOB_ATTRS)
      EncryptExecuteDirectory
    
    regards,
    Todd