Re: [Condor-users] condor 6.6.5 install problems
- Date: Wed, 30 Jun 2004 12:38:28 -0400
- From: Gabriel Mateescu <gabriel.mateescu@xxxxxx>
- Subject: Re: [Condor-users] condor 6.6.5 install problems
Erik Paulson wrote:
>
> If Condor runs as root, allowing any user other than root to edit the
> configuration file is a major security concern - if user 'condor' can
> add entries to the DAEMON_LIST, for example, then user 'condor' can start
> any process as root.
>
However, this risk seems not to exist if root does this:

- creates the file /etc/condor/condor_config.root owned by root and mode 600 or 644
- makes sure /etc/condor/condor_config.root defines all sensitive settings, including LOCAL_ROOT_CONFIG_FILE

And does something similar for condor_config.local.root.

A suggestion:

Perhaps future releases of Condor will split condor_config into several files, based on what subsystem is configured, e.g., central manager versus execution node, and the level of access (e.g., "condor" versus "root").

That would make it easier for root to know the list of all "sensitive" settings.
Gabriel
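
Added example, not part of the message above and not Condor's own code: a Python audit of the conditions listed in the reply (root ownership, mode 600 or 644, sensitive settings defined in the file). The parent-directory check, the simplified `NAME = value` parser, the function names and the sample file contents are assumptions made for illustration.

```python
import os
import stat
import tempfile

SENSITIVE = ("DAEMON_LIST", "LOCAL_ROOT_CONFIG_FILE")  # named in the thread

def defined_settings(path):
    """Names assigned in a 'NAME = value' file (simplified parser, an assumption)."""
    with open(path) as fh:
        lines = [ln.strip() for ln in fh]
    return {ln.split("=", 1)[0].strip().upper()
            for ln in lines if "=" in ln and not ln.startswith("#")}

def audit_root_config(path, owner_uid=0, required=SENSITIVE):
    """Return a list of findings; an empty list means every condition holds."""
    try:
        st = os.lstat(path)  # lstat: a symlink must not pass as the file
    except FileNotFoundError:
        return ["missing file"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != owner_uid:
        findings.append("wrong owner")
    if stat.S_IMODE(st.st_mode) not in (0o600, 0o644):
        findings.append("mode is not 600 or 644")
    # Added check, not in the post: a parent directory writable by someone
    # else lets them rename the file away and put their own in its place.
    pst = os.stat(os.path.dirname(os.path.abspath(path)))
    if pst.st_uid != owner_uid or pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory writable by others")
    present = defined_settings(path)
    findings += [f"{n} not defined" for n in required if n not in present]
    return findings

def demo():
    """Audit two constructed files in a temp dir, as the current user."""
    uid, d = os.getuid(), tempfile.mkdtemp()
    good, bad = os.path.join(d, "good.root"), os.path.join(d, "bad.root")
    with open(good, "w") as fh:  # constructed sample contents
        fh.write("DAEMON_LIST = MASTER, STARTD\n"
                 "LOCAL_ROOT_CONFIG_FILE = /etc/condor/condor_config.local.root\n")
    with open(bad, "w") as fh:
        fh.write("# LOCAL_ROOT_CONFIG_FILE left out\nDAEMON_LIST = MASTER\n")
    os.chmod(good, 0o644)
    os.chmod(bad, 0o664)  # group-writable: fails the mode condition
    return audit_root_config(good, uid), audit_root_config(bad, uid)

if __name__ == "__main__":
    print(demo())
```

On a real host the call would be `audit_root_config("/etc/condor/condor_config.root")`, which defaults to expecting uid 0.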