[torqueusers] acl's: request for enhancement

garrick at speculation.org garrick at speculation.org
Thu Jun 15 06:25:56 MDT 2006


On Thu, Jun 15, 2006 at 12:09:15PM +0200, Walter de Jong alleged:
> Hi,
> 
> As the manual states, "acl_user_enable" constrains torque to only allow
> these users, and "acl_group_enable" contrains torque to only allow the
> specified groups. Combining acl_user_enable and acl_group_enable results
> in only the first one specified to work. It would be nice if these
> attributes could work together so that the following would work in
> a more intuitive way:
> 
> set queue q_genetics acl_user_enable = True
> set queue q_genetics acl_users = bas
> set queue q_genetics acl_users += jaap
> set queue q_genetics acl_users += ramon
> set queue q_genetics acl_users += sscpjong
> set queue q_genetics acl_group_enable = True
> set queue q_genetics acl_groups = sara
> set queue q_genetics acl_groups += genetics
> 
> Currently, if user walter is in the group sara, he gets Unauthorized
> request. It would seem more logical (to me) if he wouldn't.

set queue q_genetics acl_logic_or = True

> Furthermore, acl_groups works only for primary unix groups and not for
> secondary groups. I would like to suggest that it should work for
> secondary groups too.

set queue q_genetics acl_group_sloppy = True



More information about the torqueusers mailing list