Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor 6.6.5 install problems

Date: Wed, 30 Jun 2004 11:30:24 -0500
From: Erik Paulson <epaulson@xxxxxxxxxxx>
Subject: Re: [Condor-users] condor 6.6.5 install problems

On Wed, Jun 30, 2004 at 05:24:26PM +0100, Kewley, J (John) wrote:
> > If Condor runs as root, allowing any user other than root to edit the
> > configuration file is a major security concern - if user 'condor' can
> > add entries to the DAEMON_LIST, for example, then user 
> > 'condor' can start
> > any process as root. 
> 
> Nice one!
> 
> I had assumed that only the condor daemons could be named on that line!
> 
> So what can run - any executable on root's path?
> 
> or can you use full pathnames?
> 

You can name full pathnames - in fact, we rely on that:
RELEASE_DIR = /usr/local/bin
SBIN = $(RELEASE_DIR)/sbin
STARTD = $(SBIN)/condor_startd
DAEMON_LIST = MASTER, STARTD, SCHEDD

(the master does do a bit of magic when it sees the SCHEDD/STARTD/etc names
for knowing a few tricks about invoking them)

-Erik



> JK
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users

References:
- RE: [Condor-users] condor 6.6.5 install problems
  - From: Kewley, J (John)

Prev by Date: RE: [Condor-users] condor 6.6.5 install problems
Next by Date: AW: [Condor-users] Submission error - TErmina Server REmote Client notallowed ?
Previous by thread: RE: [Condor-users] condor 6.6.5 install problems
Next by thread: [Condor-users] MW make error
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [Condor-users] condor 6.6.5 install problems