Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
_______________________________________________I think this is what QUEUE_SUPER_USER_MAY_IMPERSONATE (https://htcondor.readthedocs.io/en/stable/admin-manual/configuration-macros.html) is for.
-Mat
On 8/9/19 3:40 AM, Alexander Prokhorov wrote:
Dear John,
Is it possible to overcome this limitation somehow? Actually, we are building and app which uses HT Condor as a calculation runtime and all appâs services (read HT Condo clients) always run from a single user âserverâ. We need to somehow impersonate real cluster users when we do requests to HT Condor. We succeeded in this with vanilla and universe jobs. Isnât this possible with COD tasks?
On 8 Aug 2019, at 21:33, John M Knoeller <johnkn@xxxxxxxxxxx> wrote:
_______________________________________________You must set the Owner attribute to the same username that your python script is running as, anything elsewould be a security violationÂ-tjÂFrom:ÂHTCondor-users <htcondor-users-bounces@xxxxxxxxxxx>ÂOn Behalf OfÂdon_vanchos
Sent:ÂThursday, August 8, 2019 11:15 AM
To:ÂHTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject:Â[HTCondor-users] Error trying to set Owner attribute to Computing On Demand (COD) job.ÂHello,ÂI am using python API for COD jobs and simple example is:
claim = htcondor.Claim(slot_ad)
claim.requestCOD()
job = {
"Cmd": "/bin/echo",
"JobUniverse": 5,
"Iwd": "/some/dir",
"Out": "test.out",
"Err": "test.err",
"StarterUserLog": "test.log",
"Owner": "user101",
"Args": "hello world",
}
claim.activate(job)
After that I get the following error (from `htcondor.enable_debug()`):
```
08/08/19 15:39:29 (fd:4) (pid:6314) (D_HOSTNAME) IsLocal: N, IdStr: startd at <192.168.128.6:9618>, Error: Owner specified in ClassAd as 'user101' yet request sent by user 'rootusr', possible security attack, request refused!
```
How can I make a cod-job run from a specific user? If I cannot make activation from another user, what is the effect of the `Owner` attribute?Â
My settings:
QUEUE_SUPER_USERS = $(QUEUE_SUPER_USERS) rootusr
VALID_COD_USERS = $(QUEUE_SUPER_USERS)
Â--ÂSincerely yours,
Ivan Ergunov                         mailto:hozblok@xxxxxxxxx
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
_______________________________________________ HTCondor-users mailing list To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users The archives can be found at: https://lists.cs.wisc.edu/archive/htcondor-users/
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/