On 5/7/2012 8:19 AM, Matthew Farrellee wrote:
FYI, the current documentation says CONDOR_IDS is ignored if the daemon is not started as root. Can we deprecate CONDOR_IDS? I was able to track it back to, commit 35c50fe0e13840163d093f5ac7de6d3d00f25a49 Author: jbasney <jbasney> Date: Wed Jul 23 16:47:30 1997 +0000 new uid handling with set_priv() calls However, there was no information available for the motivation of its addition. So we can't tell for sure if the original assumptions are still valid. Or if the original use case is still important.
Original use case:When Condor is started as root, it does not run as root - it drops its privileges to user "condor" for 99% of its work. How can the sysadmin tell us what uid to use for user "condor" ? Via CONDOR_IDS. If CONDOR_IDS is not set, then we default to the uid associated with the login name "condor", but anybody who wants some other user to be used will set CONDOR_IDS. I know several sites that set CONDOR_IDS to the uid for login "daemon" for instance.
I think the original use case is still important. regards, Todd