Re: [Condor-users] Setting Root User Problem
- Date: Thu, 13 Oct 2005 11:30:37 -0500
- From: Jaime Frey <jfrey@xxxxxxxxxxx>
- Subject: Re: [Condor-users] Setting Root User Problem
On Oct 13, 2005, at 11:06 AM, Stephen Broughton wrote:
> I can easily make a condor user, but I am now confused because it says in
> the Condor manual to run them as root if possible ??
> --------------------
> 3.2.3.2 Will Condor run as root or not?
> Start up the Condor daemons as the Unix user root. Without this, Condor can
> do very little to enforce security and policy decisions. You can install
> Condor as any user, however there are both serious security and performance
> consequences. Please see section 3.7.1 on page in the manual for the
> details and ramifications of running Condor as a Unix user other than root.
> 3.7.1.1 Running Condor as Non-Root
> While we strongly recommend starting up the Condor daemons as root, we
> understand that it is not always possible to do so. The main problems appear
> when one Condor installation is shared by many users on a single machine, or
> if machines are set up to only execute Condor jobs. With a submit-only
> installation for a single user, there is no need for (or benefit from)
> running as root.
> --------------------
> So if the answer is to create a user condor and run the jobs as that user I
> will do it, but this section gave me the impression that they should be run
> as root. This will eventually be the master node for my grid and I would
> like to have it run with the optimal configuration for an isolated grid.

When we say to run the daemons as root, that means you *start* them
as root. They then switch to a non-root user whenever they don't need
root power. This is to reduce the risk of screwing up the system if
there's a bug or other problem. When the daemons need to do
something that requires root power (like starting a job as the user),
the daemons switch to root, do the deed, then return to non-root.

You then submit your jobs as a normal user (i.e. not root or condor)
and Condor will run them as that same user.
+----------------------------------+---------------------------------+
| Jaime Frey | Public Split on Whether |
| jfrey@xxxxxxxxxxx | Bush Is a Divider |
| http://www.cs.wisc.edu/~jfrey/ | -- CNN Scrolling Banner |
+----------------------------------+---------------------------------+
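
The start-as-root, drop, raise-briefly pattern described in the reply above, as an added C illustration using POSIX seteuid/setegid. It is not Condor's code and not part of the original message; the function names and the service account id 65534 are assumptions made for the example, and it covers only the temporary switch, not the permanent change to the job owner's identity.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not Condor source code. */
static uid_t svc_uid;             /* unprivileged account used between root operations */
static gid_t svc_gid, root_gid;   /* root_gid: effective group at startup */
static int have_root;             /* 1 only if the process was started by root */

/* Give up root for now. The saved set-user-ID stays 0, so root can be regained. */
int priv_drop_temp(void) {
    if (!have_root) return 0;                /* started non-root: nothing to drop */
    if (setegid(svc_gid) != 0) return -1;    /* group first, while euid is still 0 */
    return seteuid(svc_uid);
}

/* Regain root. Fails when the daemon was not started as root. */
int priv_raise(void) {
    if (!have_root) return -1;
    if (seteuid(0) != 0) return -1;          /* user first, then the startup group */
    return setegid(root_gid);
}

/* Call once at startup: remember the service account, then drop to it. */
int priv_init(uid_t uid, gid_t gid) {
    have_root = (getuid() == 0);
    svc_uid = uid; svc_gid = gid; root_gid = getegid();
    return priv_drop_temp();
}

/* Run one operation as root, then always return to the service account. */
int as_root(int (*op)(void *), void *arg) {
    if (priv_raise() != 0) return -1;        /* op is never called without root */
    int rc = op(arg);
    if (priv_drop_temp() != 0) _exit(1);     /* never keep running while stuck as root */
    return rc;
}

/* Sample operation: record which effective uid the operation ran under. */
static int report_euid(void *out) { *(uid_t *)out = geteuid(); return 0; }

int main(void) {
    uid_t seen = (uid_t)-1;
    if (priv_init(65534, 65534) != 0) return 1;   /* constructed ids: "nobody" */
    int rc = as_root(report_euid, &seen);
    printf("as_root rc=%d, euid now %ld\n", rc, (long)geteuid());
    return 0;
}
```

Started by an ordinary user, `as_root` returns -1 without calling the operation, which matches the manual's point that a non-root start leaves the daemons unable to act on behalf of other users.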