Re: [Condor-users] Security: allow condor_submit, deny condor_advertise

[Jan Ploski <Jan.Ploski@xxxxxxxx>]

condor-users-bounces@xxxxxxxxxxx schrieb am 11/30/2007 04:56:59 PM:

> > I'd like to allow jobs to be submitted by anyone on machine X, but I 
would 
> > like to limit inserting machine ClassAds with condor_advertise to the 
root 
> > user on the same machine. Is there a way to enforce this sort of 
> > authorization (HOSTALLOW_WRITE is obviously too liberal)?
> 
> actually, there is now.  the below features will work in 6.9.5, released
> just this week.
> 
> you will want to set something similar to the below in your 
condor_config.
> this instructs the collector to have different allow lists for schedd 
and
> startd advertisements:
> 
>   ALLOW_ADVERTISE_SCHEDD = submithost.foo.com
>   ALLOW_ADVERTISE_STARTD = *.executehosts.foo.com

Thanks for the tip! I'm surprised to hear that one must switch to the 
development version to get it working, though. :-(

Best regards,
Jan Ploski