[torqueusers] acl's: request for enhancement
Walter de Jong
walter at sara.nl
Thu Jun 15 04:09:15 MDT 2006
As the manual states, "acl_user_enable" constrains torque to only allow
these users, and "acl_group_enable" contrains torque to only allow the
specified groups. Combining acl_user_enable and acl_group_enable results
in only the first one specified to work. It would be nice if these
attributes could work together so that the following would work in
a more intuitive way:
set queue q_genetics acl_user_enable = True
set queue q_genetics acl_users = bas
set queue q_genetics acl_users += jaap
set queue q_genetics acl_users += ramon
set queue q_genetics acl_users += sscpjong
set queue q_genetics acl_group_enable = True
set queue q_genetics acl_groups = sara
set queue q_genetics acl_groups += genetics
Currently, if user walter is in the group sara, he gets Unauthorized
request. It would seem more logical (to me) if he wouldn't.
Furthermore, acl_groups works only for primary unix groups and not for
secondary groups. I would like to suggest that it should work for
secondary groups too.
*** If you build it, they will come ***
HPC Systems Programmer at SARA Computing and Network Services
People should be able to e-mail me, spambots should not.
Digital signature can be verified by trusting the CA certificate
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3201 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20060615/ea99f230/smime.bin
More information about the torqueusers