[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [condor-users] Restrict access to certain user/RemoteUser expression query


Here's my best guess. Similar to how RANK expression is defined in terms of Owner, I think you should use Owner instead of RemoteUser in your Requirements expression. RemoteUser, according to the manual, is the name of the user whose job is currently occupying the machine, whereas Owner is the user whose job is being matched. So, if I am correct, then your current setup allows starting of a job of any user provided the machine is *at the moment* occupied by 'charaka' or 'paul'.


Paul Wilson wrote:

The exact expression is: (as reported via condor_config_val from the master node)

[root@viognier home]# condor_config_val -name tokay.ucl.ac.uk Requirements

(RemoteUser == "charaka@xxxxxxxxxxxxxxxxxxx" || RemoteUser == "paul@xxxxxxxxxxxxxxxxxx")

…So the brackets are there.

BTW, tokay.ucl.ac.uk is a dual processor machine, so I see vm1 and vm2 in condor_status.


-----Original Message-----
From: owner-condor-users@xxxxxxxxxxx [mailto:owner-condor-users@xxxxxxxxxxx] On Behalf Of Alexander Klyubin
Sent: 29 March 2004 11:50
To: condor-users@xxxxxxxxxxx
Subject: Re: [condor-users] Restrict access to certain user/RemoteUser expression query

Can this be caused by missing quotes around paul@xxxxxxxxxxxxxxxxxx in

the Requirements expression?


Paul Wilson wrote:


I have 6 machines I want to restrict to just 2 of my users to run their

Java jobs.

To do this Condor FAQ 7.2 specifies using:

Requirements = (RemoteUser == “userfoo@xxxxxxx”)

In the config of the machines in question.

I've added the following line in the condor.config.local file to machine


Requirements = (RemoteUser == "charaka@xxxxxxxxxxxxxxxxxx

<mailto:charaka@xxxxxxxxxxxxx>" ||RemoteUser == paul@xxxxxxxxxxxxxxxxxx


Then applied condor_reconfig.

viognier.ucl.ac.uk is the submit host, charaka and paul are the users on

this submit host that I want to allow to use this machine.

From Viognier:

$ condor_config_val -name tokay@xxxxxxxxx <mailto:tokay@xxxxxxxxx>


returns the correct expression.

Yet, user vinay@xxxxxxxxxxxxxxxxxx still has his jobs matched to

tokay.ucl.ac.uk and run there.

Why is this and is there something I’m missing?

The pool is v6.4.7, Linux master/submit node and windows execute-only



Attachment: signature.asc
Description: OpenPGP digital signature