Re: [condor-users] 'sbin' security config..

[Alain Roy <roy@xxxxxxxxxxx>]

> A bit ago, I seem to remember seeing a config directive that limited who 
> could access/run the commands in {condor_home}/sbin..

Condor doesn't have a way to restrict who can execute those commands. You 
can do that through the normal Unix file permissions though.

However, there are ways to configure who is allowed to who is allowed to 
have an affect with those commands. That is, anyone can run the binaries, 
but not anyone can affect your pool.

The question is, how do you identify who is allowed? Since users may or may 
not be shared across a pool, there are several possible mechanisms for 
identifying users: IP address, GSI, Kerberos, and Windows authentication 
are the major methods. Setting these up is described in Section 3.7 of the 
Condor 6.6 manual:

http://www.cs.wisc.edu/condor/manual/v6.6/3_7Security_In.html

IP address-based identification is the easiest to set up, but isn't 
terribly secure. GSI and Kerberos both work well, but take more effort to 
set up if you aren't already using them.

-alain


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>