Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

Date: Thu, 22 Aug 2013 10:52:43 -0700
From: Gabriel Mateescu <mateescu@xxxxxxx>
Subject: Re: [HTCondor-users] condor_ssh_to_job

On Thu, Aug 22, 2013 at 10:38 AM, Rich Pieri <ratinox@xxxxxxx> wrote:
> Gabriel Mateescu wrote:
>> That would be too drastic. However,
>> a more specific error message when
>> the job runs as nobody, e.g., "make
>> sure user nobody has a valid shell"
>> could help.
>
> The nobody account must not have a login shell. This is fundamental UNIX
> (and especially NFS) security. Any test for a login shell for the nobody
> account is unnecessary; such tests must never return true results.
> Dimitri's suggestion to die if job's EUID == nobody is correct.
>

Perhaps "never return true" is too strong,
but in most cases, nobody will not have
a shell.

Gabriel

References:
- [HTCondor-users] condor_ssh_to_job
  - From: Shrum, Donald C
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Todd Tannenbaum
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Dimitri Maziuk
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Rich Pieri
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Dimitri Maziuk
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Gabriel Mateescu
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Rich Pieri

Prev by Date: Re: [HTCondor-users] condor_ssh_to_job
Next by Date: Re: [HTCondor-users] condor_ssh_to_job
Previous by thread: Re: [HTCondor-users] condor_ssh_to_job
Next by thread: Re: [HTCondor-users] condor_ssh_to_job
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [HTCondor-users] condor_ssh_to_job