*** globus-job-manager-script.pl.orig   2006-12-18 12:32:06.000000000 -0600
--- globus-job-manager-script.pl	2006-12-18 12:33:35.000000000 -0600
***************
*** 2,4 ****
--- 2,9 ----
  
+ # Replace this with your command filtering programing of choice.
+ # A return value of '0' indicates that the command will be allowed, and
+ # any other return value indicates that the command will be denied.
+ $FILTER_COMMAND = '/usr/local/bin/commsh --check-user';
+ 
  BEGIN
  {
***************
*** 76,81 ****
--- 81,101 ----
  # If we are submitting a job, we may need to update things like
  # executable & stdin to look in the cache.
+ # We may also need to run the command through a filter script.
  if($command eq 'submit')
  {
+     if (defined $FILTER_COMMAND)
+     {
+         local @filterArgs = split(/\s+/, $FILTER_COMMAND);
+         local $commandName = join(" ", $job_description->executable,
+                                        $job_description->arguments);
+         if (-x $filterArgs[0])  # Make sure program is executable
+         {
+             local $rVal = (system(@filterArgs, $commandName)) >> 8;
+             if($rVal != 0)  # The filter command returned an error, so deny.
+             {
+                 &fail(Globus::GRAM::Error::AUTHORIZATION_DENIED_EXECUTABLE);
+             }
+         }
+     }
      $manager->rewrite_urls();
  }