Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] Mapping users via LCMAPS as root?

Date: Mon, 08 Jun 2020 14:30:08 +0000
From: "Fischer, Max (SCC)" <max.fischer@xxxxxxx>
Subject: [HTCondor-users] Mapping users via LCMAPS as root?

Hi all,

first time trying to use LCMAPS with HTCondor(-CE), hoping for some wisdom.

The callout to LCMAPS seems to work fine. We use
	$ cat /etc/grid-security/gsi-authz.conf
	globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout
with basically alls UMD-4 lcas/lcmaps packages, plus an lcmaps.db from our old ARC5 CEs.

The problem is that LCMAPS is run as the Scheddâs `condor` user. This prevents it from extending pool account leases, which are owned by `root`:
	lcmaps[1877874]  LOG_NOTICE: 2020-06-08.13:27:42Z: lcmaps_gridmapdir-get_pool_mapping: touching requested lease "/etc/grid-security/gridmapdir/%2fdc%3dch%2fdc%3dcern%2fou%3dcomputers%2fcn%3dcmspilot04%2fvocms080%2ecern%2ech" failed: Permission denied

Is there any way to make the Schedd run LCMAPS as `root`?

Cheers,
Max

PS: Weâre using LCMAPS to have Pool accounts shared across machines. If there is any way to do that with unified map files, well, ...

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Prev by Date: Re: [HTCondor-users] restricting admin commands
Next by Date: Re: [HTCondor-users] Missing files in /tmp of a docker job
Previous by thread: Re: [HTCondor-users] help needed to troubleshoot a "SECMAN: FAILED" issue
Next by thread: [HTCondor-users] select multiple elements from lists, eval order in job transforms
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

[HTCondor-users] Mapping users via LCMAPS as root?