Re: [Condor-users] restricting access to certain condor commands

["Ian D. Alderman" <ialderman@xxxxxxxxxxxxxxxxxx>]

On Apr 2, 2009, at 10:58 AM, Steven Platt wrote:

> Hi,
>
> I’m about to let some test users loose on a small linux cluster and  
> it occurs to me that I’m going to want to restrict which condor_*  
> commands they can run.
> On the only submit node, all condor_* commands are in the /opt/ 
> condor/bin/ directory. Can I simply modify the permissions on these  
> files so that regular users can only run e.g. condor_submit,  
> condor_status & condor_q, and I (as admin) become part of the group  
> owner who can run them all?
>
> Or is there some internal command-calling by condor that will be  
> severely shafted by this sort of change?

I ran a quick test and this worked for me.

What are you trying to prevent users from doing?  The commands in bin  
are intended for users; the commands in sbin are intended for  
administrators.  Many of the other commands in bin may be useful for  
users, such as condor_compile, condor_rm, condor_hold, condor_release...

> Thanks
>
> Steve
> (I seem to remember a similar topic on this list a few months back  
> but couldn’t find the thread. Pointers to a searchable archive of  
> this mailing list are also appreciated)

A search function is available here:

https://lists.cs.wisc.edu/archive/condor-users/htdig/search.shtml

Cheers,

-Ian

> Dr Steven Platt
> Bioinformatics Support Coordinator
> Statistics, Modelling and Bioinformatics
> Health Protection Agency
> Centre for Infections
> 61 Colindale Avenue
> London
> NW9 5EQ
> www.hpa.org.uk/bioinformatics

--
===================================
Ian D. Alderman
office: 608.554.4605
main: 888.292.5320

Cycle Computing, LLC
Leader in Condor Grid Solutions
Enterprise Condor Support and Management Tools

http://www.cyclecomputing.com
http://www.cyclecloud.com