On Mon, Mar 24, 2008 at 4:35 AM, Ian Chesal <ICHESAL@xxxxxxxxxx> wrote:
> > I would like to forbid *some* users to send their own
> > executables and allow them just to run /usr/bin/exec1 and
> > /usr/local/bin/exec2.
> > Can I do that ?
> Offhand I can think of any feature in Condor that lets you control what
> users can do at this level of detail. Your best bet is to wrap access to
> pool in your own submission/authentication mechanism. Don't let users
> submit directly to your pool, have them submit through your own
> interface that applies its own security policy.
I second Ian's suggestion, but if you want something fast and nasty, an
enforced job wrapper script which checks the executable, deletes any
transferred executable and redirects the arguments to a locally
installed (and with correct permission) executable would do it.
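
The wrapper approach from the last reply, as an added example that is not part of the original thread: a shell script meant for Condor's USER_JOB_WRAPPER setting, which hands the wrapper the job's executable followed by its arguments. It assumes `readlink -f` is available and that `_CONDOR_SCRATCH_DIR` is set in the wrapper's environment; the function names and the `ALLOWED_EXECUTABLES` override are illustrative, and an unapproved executable is rejected rather than replaced with a guessed local program.

```sh
#!/bin/sh
# Allow-list job wrapper, written for Condor's USER_JOB_WRAPPER setting.
# Condor runs it as: wrapper <job executable> <job arguments...>

# Approved executables, one per line (the two paths from the thread).
# The environment override is an assumption of this example, used for testing.
ALLOWED_EXECUTABLES="${ALLOWED_EXECUTABLES:-/usr/bin/exec1
/usr/local/bin/exec2}"

# Print the canonical path of $1 if it is approved; return 1 otherwise.
# Both sides are canonicalised so symlinks and ".." cannot disguise a path.
check_allowed() {
    candidate=$(readlink -f -- "$1" 2>/dev/null) || return 1
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if [ "$candidate" = "$(readlink -f -- "$entry" 2>/dev/null)" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done <<EOF
$ALLOWED_EXECUTABLES
EOF
    return 1
}

# Delete a rejected executable, but only when it lies inside the job's
# scratch directory, which is where transferred files are placed.
remove_transferred() {
    [ -n "${_CONDOR_SCRATCH_DIR:-}" ] || return 0
    scratch=$(readlink -f -- "$_CONDOR_SCRATCH_DIR" 2>/dev/null) || return 0
    target=$(readlink -f -- "$1" 2>/dev/null) || return 0
    case "$target" in
        "$scratch"/*) rm -f -- "$target" ;;
    esac
}

wrapper_main() {
    job_exe=$1
    shift
    if approved=$(check_allowed "$job_exe"); then
        exec "$approved" "$@"    # run the local copy with the job's arguments
    fi
    remove_transferred "$job_exe"
    echo "job wrapper: '$job_exe' is not an approved executable" >&2
    return 126
}

# Run only when invoked with a job command line.
if [ "$#" -gt 0 ]; then wrapper_main "$@"; fi
```

The wrapper applies to every job on the machine where it is configured, so limiting it to *some* users would need an extra check on the submitting user before the allow-list test.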