Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] [EXTERNAL] Re: HTCondor 9 permissions issue

Thanks Luke and Thomas!

 

Lukeâs solution worked!

 

Cheers,

Mike

 

 

--

Michael Fienen, Ph. D.
Research Hydrologist
United States Geological Survey

Upper Midwest Water Science Center
1 Gifford Pinchot Drive

Madison, Wisconsin 53726
phone:  608.821.3894
https://www.usgs.gov/staff-profiles/michael-n-fienen

 

 

From: Luke Kreczko <L.Kreczko@xxxxxxxxxxxxx>
Date: Friday, September 6, 2024 at 4:31âAM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Cc: Fienen, Michael N <mnfienen@xxxxxxxx>
Subject: [EXTERNAL] Re: [HTCondor-users] HTCondor 9 permissions issue

 

 This email has been received from outside of DOI - Use caution before clicking on links, opening attachments, or responding.  

 

Hi Mike,

 

In the default security configuration, condor_rm seems to be restricted to the condor user:

sudo -H -u condor bash -c 'condor_rm <job id or user>' 

 

If someone has a snippet to allow users to delete their own jobs, that would be great (literally had a request like this yesterday).

 

Cheers,

Luke

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Fienen, Michael N via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: 05 September 2024 15:50
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Cc: Fienen, Michael N <mnfienen@xxxxxxxx>
Subject: [HTCondor-users] HTCondor 9 permissions issue

 

Hello!

 

We are running a HTCondor 9.0 pool on Rocky Linux. Recently, we are finding some held jobs are impossible to remove. As an example, hereâs what we get:

$ condor_rm 3814

Couldn't find/remove all jobs in cluster 3814

$ condor_rm 3814.0

Permission denied to remove job 3814.0

 

Same responses for condor_release.

 

Our configuration on the submitting machine is like this:

In  00-htcondor-9.0.config

 

# use security:host_based

use security:recommended_v9_0

 

and in 01-submit.config

# For details, run condor_config_val use role:get_htcondor_submit

use role:get_htcondor_submit

 

We do not have a ALLOW_ADMINISTRATORS knob dialed in. Should we allow $(IP_ADDRESS)? Any other permissions come to mind?

 

Many thanks

Mike

 

 

 

 

--

Michael Fienen, Ph. D.
Research Hydrologist
United States Geological Survey

Upper Midwest Water Science Center
1 Gifford Pinchot Drive

Madison, Wisconsin 53726
phone:  608.821.3894
https://www.usgs.gov/staff-profiles/michael-n-fienen