Re: [condor-users] Restrict access to certain user/RemoteUser expression query

[Alexander Klyubin <A.Kljubin@xxxxxxxxxxx>]

Paul,

Here's my best guess. Similar to how RANK expression is defined in terms 
of Owner, I think you should use Owner instead of RemoteUser in your 
Requirements expression. RemoteUser, according to the manual, is the 
name of the user whose job is currently occupying the machine, whereas 
Owner is the user whose job is being matched. So, if I am correct, then 
your current setup allows starting of a job of any user provided the 
machine is *at the moment* occupied by 'charaka' or 'paul'.

Regards,
Alexander

Paul Wilson wrote:
> Alexander.
>
>  
>
> The exact expression is: (as reported via condor_config_val from the 
> master node)
>
>  
>
> [root@viognier home]# condor_config_val -name tokay.ucl.ac.uk Requirements
>
>  
>
> (RemoteUser == "charaka@xxxxxxxxxxxxxxxxxxx" || RemoteUser == 
> "paul@xxxxxxxxxxxxxxxxxx")
>
>  
>
> …So the brackets are there.
>
>  
>
> BTW, tokay.ucl.ac.uk is a dual processor machine, so I see vm1 and vm2 
> in condor_status.
>
>  
>
> Paul
>
>  
>
>  
>
>  
>
> -----Original Message-----
> From: owner-condor-users@xxxxxxxxxxx 
> [mailto:owner-condor-users@xxxxxxxxxxx] On Behalf Of Alexander Klyubin
> Sent: 29 March 2004 11:50
> To: condor-users@xxxxxxxxxxx
> Subject: Re: [condor-users] Restrict access to certain user/RemoteUser 
> expression query
>
>  
>
> Can this be caused by missing quotes around paul@xxxxxxxxxxxxxxxxxx in
>
> the Requirements expression?
>
>  
>
> Alexander
>
>  
>
> Paul Wilson wrote:
>
> >  Hi
>
> >
>
> >
>
> >
>
> >  I have 6 machines I want to restrict to just 2 of my users to run their
>
> >  Java jobs.
>
> >
>
> >
>
> >
>
> >  To do this Condor FAQ 7.2 specifies using:
>
> >
>
> >
>
> >
>
> >  Requirements = (RemoteUser == “userfoo@xxxxxxx”)
>
> >
>
> >
>
> >
>
> >  In the config of the machines in question.
>
> >
>
> >
>
> >
>
> >  I've added the following line in the condor.config.local file to machine
>
> >
>
> >  tokay@xxxxxxxxxx
>
> >
>
> >
>
> >
>
> >  Requirements = (RemoteUser == "charaka@xxxxxxxxxxxxxxxxxx
>
> >  <mailto:charaka@xxxxxxxxxxxxx>" ||RemoteUser == paul@xxxxxxxxxxxxxxxxxx
>
> >  <mailto:paul@xxxxxxxxxxxxxxxxxx>)
>
> >
>
> >
>
> >
>
> >  Then applied condor_reconfig.
>
> >
>
> >
>
> >
>
> >  viognier.ucl.ac.uk is the submit host, charaka and paul are the users on
>
> >  this submit host that I want to allow to use this machine.
>
> >
>
> >
>
> >
>
> >  From Viognier:
>
> >
>
> >
>
> >
>
> >  $ condor_config_val -name tokay@xxxxxxxxx <mailto:tokay@xxxxxxxxx>
>
> >  Requirements
>
> >
>
> >
>
> >
>
> >  returns the correct expression.
>
> >
>
> >
>
> >
>
> >  Yet, user vinay@xxxxxxxxxxxxxxxxxx still has his jobs matched to
>
> >  tokay.ucl.ac.uk and run there.
>
> >
>
> >
>
> >
>
> >  Why is this and is there something I’m missing?
>
> >
>
> >
>
> >
>
> >  The pool is v6.4.7, Linux master/submit node and windows execute-only 
> nodes.
>
> >
>
> >
>
> >
>
> >  Cheers,
>
> >
>
> >
>
> >
>
> >  Paul.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >
>
> >

Attachment: signature.asc
Description: OpenPGP digital signature