Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] run_as_owner not working in 6.9.5: LOCAL_CREDDbug?

Hi Malcolm:

 

There is a little history behind this one.  There was a limitation of the original release of VMware Server for Windows: it could not run using an Administrative account.  For better or worse, the this meant we simply ran it as SYSTEM in our implementation, as it seems a more reasonable approach than to auto-magically add an Administrative account silently for the VM Universe to run under.  The latest release of VMware Server (1.0.4) no longer has this limitation; however--and unfortunately--the changes required to take advantage of this on Windows have not yet made it into our code. 

 

I think the documentation/”configuration file information blurbs” may have been written in such a way as to suggest that this was a capability on Windows, but it is still not the case.  It only works this way on *nix.  Anyway, I have this on my plate of things to get done, so you should be able to take advantage of it soon.

 

Regards,

-B

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Malcolm Wilkins
Sent: Tuesday, January 08, 2008 9:27 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] run_as_owner not working in 6.9.5: LOCAL_CREDDbug?

 

Thanks Coop for your quick reply.

 

However, the problem remains in 6.9.5, even having taken the steps that you describe (I just reverified this to make sure).

 

I have managed to get vanilla RUN_AS_OWNER jobs working with 6.9.5, by using CREDD_HOST=$(CONDOR_HOST) (i.e. without the port setting) on both master and execute node. But the real prize for me is to be able to run vm-universe jobs with RUN_AS_OWNER, and I still cannot make this work with a shared filesystem. Looking at the vm_gahp log below seems to indicate that even with:

run_as_owner = true specified in the job file,

VM_UNIV_NOBODY_USER specified to a user with a home directory in the config file,

ALLOW_USERS specified to the same user in the config_vmgapp.vmware file

the vm process seems to be launched with system credentials SYSTEM@NT AUTHORITY that are insufficient to access the shared virtual machine files. I have confirmed that these files *are* visible to a vanilla job run on the same execute node with RUN_AS_OWNER = true.

 

Maybe these are the perils of running a pre-release development version...

 

Malcolm