[torqueusers] acl's: request for enhancement
garrick at speculation.org
garrick at speculation.org
Thu Jun 15 06:25:56 MDT 2006
On Thu, Jun 15, 2006 at 12:09:15PM +0200, Walter de Jong alleged:
> Hi,
>
> As the manual states, "acl_user_enable" constrains torque to only allow
> these users, and "acl_group_enable" contrains torque to only allow the
> specified groups. Combining acl_user_enable and acl_group_enable results
> in only the first one specified to work. It would be nice if these
> attributes could work together so that the following would work in
> a more intuitive way:
>
> set queue q_genetics acl_user_enable = True
> set queue q_genetics acl_users = bas
> set queue q_genetics acl_users += jaap
> set queue q_genetics acl_users += ramon
> set queue q_genetics acl_users += sscpjong
> set queue q_genetics acl_group_enable = True
> set queue q_genetics acl_groups = sara
> set queue q_genetics acl_groups += genetics
>
> Currently, if user walter is in the group sara, he gets Unauthorized
> request. It would seem more logical (to me) if he wouldn't.
set queue q_genetics acl_logic_or = True
> Furthermore, acl_groups works only for primary unix groups and not for
> secondary groups. I would like to suggest that it should work for
> secondary groups too.
set queue q_genetics acl_group_sloppy = True
More information about the torqueusers
mailing list