[torqueusers] acl's: request for enhancement

Walter de Jong walter at sara.nl
Thu Jun 15 04:09:15 MDT 2006


As the manual states, "acl_user_enable" constrains torque to only allow
these users, and "acl_group_enable" contrains torque to only allow the
specified groups. Combining acl_user_enable and acl_group_enable results
in only the first one specified to work. It would be nice if these
attributes could work together so that the following would work in
a more intuitive way:

set queue q_genetics acl_user_enable = True
set queue q_genetics acl_users = bas
set queue q_genetics acl_users += jaap
set queue q_genetics acl_users += ramon
set queue q_genetics acl_users += sscpjong
set queue q_genetics acl_group_enable = True
set queue q_genetics acl_groups = sara
set queue q_genetics acl_groups += genetics

Currently, if user walter is in the group sara, he gets Unauthorized
request. It would seem more logical (to me) if he wouldn't.

Furthermore, acl_groups works only for primary unix groups and not for
secondary groups. I would like to suggest that it should work for
secondary groups too.



                   *** If you build it, they will come ***

HPC Systems Programmer at SARA Computing and Network Services
People should be able to e-mail me, spambots should not.

Digital signature can be verified by trusting the CA certificate
at http://ca.dutchgrid.nl/medium/cacert.pem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3201 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20060615/ea99f230/smime.bin

More information about the torqueusers mailing list