Re: [HTCondor-users] Running a script on job start as root

[Thomas Hartmann <thomas.hartmann@xxxxxxx>]

it would probably be nice to have a admin hook to inject admin aka more 
powerful stuff in parallel to a job user context. (especially with some 
having a strong opinion on job wrappers as a no-no ð)
But tbh I have no idea, if something like that would be realizable 
within the startd<-->startd relationship without risk to have a mix up 
of roles/capabilities?
E.g., a hook to start an own shepard process/script/... in parallel to 
the user payload for monitoring and profiling more easy jobs. Ideally 
switched into another more or less privileged functional user? Maybe one 
could hook in with the cgroup v2 glidein sub-group with 23.1.0 with just 
with another sub-group reowned to a functional user and populated with a 
sidecar job?

as a side note: unfortunately, Max pointed out why my idea with a path 
unit never worked out - as virtual file systems like cgroup mounts have 
no support for inotifies ð

On 15/03/2024 11.12, Beyer, Christoph wrote:
> Hi,
>
> I thought Condor does change to the job-owners identity whenever it is possible but usually keeps the abiltity to switch to root when needed ?
>
> Not sure if that is also the case with the jobwrapper but a lot of processes switch from job-owner to root and back in the process ...
>
> Did you make sure it is not the case in the job-wrapper ?
>
> Best
> christoph

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature