[gold-users] preventing users from querying other users

Scott Jackson scott at clusterresources.com
Thu Mar 8 12:18:05 MST 2007


I know it is confusing.

What you have done here will effectively shut down the ability of regular
users to do any gold activities (with the Anonymous NONE). This should
take effect after the next restart of goldd.

The OVERRIDE role is a special role that is used to allow certain
defined actions (like Account Balance) to use special internally defined
role algorithms -- for example, for AccountBalance, if ROLEACTION is set
to ANY, it will allow people to see the balance if the requestor is a
project admin asking for a project balance, or they are a normal user
asking for their own balance. In addition, because of the full
permissions available to System Admins, System Admins will always be
able to request balance of whoever they want.

I would not recommend turning off the OVERRIDE role by setting the
OVERRIDE ROLEUSER to NONE, rather, I would remove all access to account

gold> RoleAction Query Name==Balance
Role      Object  Name    Instance 
--------- ------- ------- -------- 
Anonymous Account Balance ANY      
OVERRIDE  Account Balance ANY      

with RoleAction Delete Name==Balance.

Then restart Gold so it will take effect.

As far as statements, Statement is not an action in itself. The gold
gstatement client simply gathers information from multiple queries and
digests and aggregates the results into an intelligible form.

If you only wanted the gold admin to be able to run this command, the
only thing I can think of would be to take off the setuid bit from the
gstatement command so they could not run it. Also, make the command
non-readable by others, so they cannot easily look through the command
and piece together the queries themselves (of course they could always
download gold themselves to get this -- but they would have to be pretty
determined). It is possible to completely determine exactly what object
types they can query by disabling the Anonymous ANY RoleAction Query.
You would then have to explicitly add all Queries that you would like
Anonymous Users to be able to perform.

I hope this helps,


On Tue, 2007-03-06 at 10:17 -0500, Kevin Van Workum wrote:
> I'd like to prevent users from querying the balance, statements, etc.
> for objects that aren't related to them. Looks like that's what
> RoleUser is for, but I can't seem to get it to work correctly. For
> example I have:
> gold> RoleUser Query
> Role        Name 
> ----------- ---- 
> SystemAdmin gold 
> Scheduler   root 
> Scheduler   maui 
> Anonymous   NONE 
> But with these settings, normal users can still use gbalance to see
> everyone's balance. Some help here please.
> Also, what is the OVERRIDE Role for? Can I safely delete it?
> Kevin

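As an added example (not from the thread or from Gold itself), here is a small audit script that parses the table printed by `RoleAction Query`, lists every Anonymous row granted on ANY instance, and shows, as a dry run, which rows the `RoleAction Delete Name==Balance` command from the reply would remove (both the Anonymous and the OVERRIDE row). The sample table is constructed for the example; the `SystemAdmin ANY ANY ANY` and `Anonymous Project Query ANY` rows are assumptions, not output from a real site.

```python
from dataclasses import dataclass

# Constructed sample of `gold> RoleAction Query` output (not real site data).
SAMPLE = """\
gold> RoleAction Query
Role        Object  Name    Instance
----------- ------- ------- --------
SystemAdmin ANY     ANY     ANY
Anonymous   Account Balance ANY
OVERRIDE    Account Balance ANY
Anonymous   ANY     Query   ANY
Anonymous   Project Query   ANY
"""


@dataclass(frozen=True)
class RoleAction:
    role: str
    obj: str
    name: str
    instance: str


def parse_roleaction_table(text: str) -> list[RoleAction]:
    """Parse the whitespace-aligned table printed by `RoleAction Query`.
    Everything up to and including the dashed separator (prompt line and
    header row) is skipped; each remaining 4-column line becomes a row."""
    rows, in_body = [], False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if not in_body:
            # The separator row consists only of dashes and spaces.
            in_body = set(line.strip()) <= {"-", " "}
            continue
        if len(fields) == 4:
            rows.append(RoleAction(*fields))
    return rows


def anonymous_wildcards(rows: list[RoleAction]) -> list[RoleAction]:
    """Rows that let Anonymous (i.e. every authenticated user) run an action
    on ANY instance of an object; these are the grants the thread is about."""
    return [r for r in rows if r.role == "Anonymous" and r.instance == "ANY"]


def affected_by_delete(rows: list[RoleAction], name: str) -> list[RoleAction]:
    """Dry run of `RoleAction Delete Name==<name>`: every row with that Name,
    regardless of Role, so Name==Balance removes Anonymous AND OVERRIDE."""
    return [r for r in rows if r.name == name]


if __name__ == "__main__":
    table = parse_roleaction_table(SAMPLE)
    for r in anonymous_wildcards(table):
        print(f"Anonymous may {r.name} on ANY {r.obj}")
    for r in affected_by_delete(table, "Balance"):
        print(f"RoleAction Delete Name==Balance would remove: {r}")
```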