[torquedev] [Bug 107] New: incomplete ACL checks for routing queues
bugzilla-daemon at supercluster.org
bugzilla-daemon at supercluster.org
Thu Dec 23 03:05:41 MST 2010
http://www.clusterresources.com/bugzilla/show_bug.cgi?id=107
Summary: incomplete ACL checks for routing queues
Product: TORQUE
Version: 2.5.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: pbs_server
AssignedTo: glen.beane at gmail.com
ReportedBy: thzeiser at gmail.com
CC: torquedev at supercluster.org
Estimated Hours: 0.0
The function svr_chkque() in server/svr_jobfunc.c does not execute all ACL
checks for routing queues; in particular the group ACL is only checked for
execution queues:
* 1. If the queue is an Execution queue ...
/* 1f. if enabled, check the queue's group ACL */
Thus, routing queues can only be restricted on the basis of *user* ACLs as user
ACLs are checked later as "5. if enabled, check the queue's user ACL" for any
queue type.
To enable group ACLs (and acl_logic_or=true) also for routing queues, the check
"1f. if enabled, check the queue's group ACL" probably should be done for any
queue type. "5.5. if failed user and group acls, fail" also only makes sense if
"1f" is executed for any queue type (because otherwise failed_group_acl cannot
be set for any non-execution queue)
--
Configure bugmail: http://www.clusterresources.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the torquedev
mailing list