[torqueusers] qdel all

Joshua Bernstein jbernstein at penguincomputing.com
Thu Jun 4 13:17:17 MDT 2009


On Jun 4, 2009, at 12:13 PM, Bogdan Costescu wrote:

> On Jun 4, 2009, at 10:11 AM, Brock Palen wrote:
>
>> qdel all, from a non operator, tries to delete every job, not just
>> ones they own, and it prints out "Unauthorized request"
>
> Without looking at the code, I had the impression that qdel doesn't
> know whether the current user is an admin/operator or not, so it tries
> to delete the job anyway - it's the pbs_server which can diferentiate
> and allow or not the delete request. Someone familiar with the code,
> please correct me if I'm wrong.

Exactly! You're correct! qdel doesn't do any authorization checks as  
the data is stored in the serverdb, thus pbs_server returns the  
unauthorized messages to qdel.

-Joshua Bernstein
Software Engineer
Penguin Computing


More information about the torqueusers mailing list