Re: [Condor-users] manager
- Date: Mon, 21 Mar 2005 18:15:43 -0600
- From: Derek Wright <wright@xxxxxxxxxxx>
- Subject: Re: [Condor-users] manager

On Thu, 17 Mar 2005 07:38:43 -0700 Masao Fujinaga wrote:

> I learned during the condor week that one should not allow general
> access to the central manager as this gives (by default) administrator
> powers. Having already made a mistake of making the central manager
> the same as my submit host, will it be sufficient to make the sbin
> directory inaccessible to non-root?

what zach said is all true. i just wanted to add some options on what
you can do about this now that you're in this situation...

1) set up another machine in your pool with restricted login-access to
   be your administrative machine. use this host for any
   remote-control condor stuff you want to do (condor_off,
   condor_reconfig, etc). just change the HOSTALLOW_ADMINISTRATOR
   setting in your global config file to list the new machine and NOT
   $(CONDOR_HOST), and then, for the last time, run "condor_reconfig
   -all" from your existing central manager host. after that,
   administrative condor commands will only work from the new host.

2) use something stronger than host-based authentication. for
   example, if your site is already using kerberos, you could use
   condor's support for kerberos authentication and only allow a
   specific *user* on the central manager machine to run condor_off
   and friends. check out the section in the manual on security:
   http://www.cs.wisc.edu/condor/manual/v6.6.9/3_7Security_In.html

3) move your central manager to a different host than your submit
   machine. no major harm in this, assuming you have a host where you
   can restrict logins to act as your new central manager...

good luck,
-derek
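
A check for the situation option 1 describes, added here as an example and not part of the original message or of Condor itself: it parses a config text, expands `$(NAME)` macros, and reports when the HOSTALLOW_ADMINISTRATOR list still contains the central manager or a wildcard. The host names and the `ADMIN_HOST` macro are constructed; backslash line continuation and local config files are not handled.

```python
import re

# Constructed sample config, not taken from any real pool.
SAMPLE_CONFIG = """\
# constructed example
CONDOR_HOST = cm.example.org
ADMIN_HOST = admin.example.org
HOSTALLOW_ADMINISTRATOR = $(CONDOR_HOST), $(ADMIN_HOST)
"""

def parse_config(text):
    """Parse NAME = value lines; later definitions override earlier ones."""
    macros = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        macros[name.strip().upper()] = value.strip()  # names are case-insensitive
    return macros

def expand(value, macros, depth=0):
    """Expand $(NAME) references recursively, bounded to stop reference loops."""
    if depth > 10:
        return value
    def sub(match):
        return expand(macros.get(match.group(1).upper(), ""), macros, depth + 1)
    return re.sub(r"\$\(([A-Za-z0-9_]+)\)", sub, value)

def audit_admin_hosts(text):
    """Return a list of findings about the administrator allow list."""
    macros = parse_config(text)
    cm = expand(macros.get("CONDOR_HOST", ""), macros).lower()
    raw = macros.get("HOSTALLOW_ADMINISTRATOR")
    if raw is None:
        return ["HOSTALLOW_ADMINISTRATOR not set: default applies"]
    hosts = [h.strip().lower() for h in expand(raw, macros).split(",") if h.strip()]
    findings = []
    for host in hosts:
        if "*" in host:
            findings.append(f"wildcard entry: {host}")
        elif cm and host == cm:
            findings.append(f"central manager {host} has administrator access")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_hosts(SAMPLE_CONFIG):
        print(finding)
```
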