
Re: [Condor-users] Win32 Version more questions(Newbie)




My intention is to invoke condor_submit from a .NET application running the webservices engine.  The calling process will pass a "user environment" object containing information about the user, including the (cluster) password and user ID (encrypted, signed and ASCII-armored using the cluster's PGP public key).  Using the USER_JOB_WRAPPER facility, the "job launcher" will decrypt and verify the PGP environment XML.  It will then invoke the process using the Win32 CreateProcessAsUser. If the user does not exist or does not have the correct permissions, the CreateProcess will fail and an error will be returned to the user via webservices objects.  This can be done without the .NET webservice via a simple wrapper batch file for condor_submit.  This will preserve the security but raises the problem of the user supplying the "unencrypted password".


Your comments and/or ideas?


-==-=-=-=-=-=-==-=-=-=-=-=-=-=-==-=-=-=-=-=-
Disclaimer:

Any resemblance between the above views and those of my
employer, my terminal, or the view out my window are purely
coincidental. 
Any resemblance between the above and my own views is non-deterministic.

The question of the existence of views in the absence of anyone to hold them
is left as an exercise for the reader. The question of the existence of the reader
is left as an exercise for the second god coefficient.
(A discussion of non-orthogonal, non-integral polytheism is beyond the
scope of this article.)



 --- On Thu 12/30, matthew hope < matthew.hope@xxxxxxxxx > wrote:
From: matthew hope [mailto: matthew.hope@xxxxxxxxx]
To: nnoydb@xxxxxxxxxx, condor-users@xxxxxxxxxxx
Date: Thu, 30 Dec 2004 15:34:37 +0000
Subject: Re: [Condor-users] Win32 Version more questions(Newbie)

On Thu, 30 Dec 2004 09:55:24 -0500 (EST), N <nnoydb@xxxxxxxxxx> wrote:
>
> Is it possible to alter the command shell utilized by Condor to execute jobs?
>    I wish to use 4NT instead of CMD since it is considerably more flexible.

you could have a batch script which itself executes 4NT - you would
require some form of guarantee as to 4NT being present and in a well
defined location.

I drop to cygwin from a batch script but ensure the installation of
cygwin is valid.

Obviously this requires the submitting users to do the right thing (or
be forced to do the right thing)

> Is there a facility to execute my own initialization at service start (via VBScript
> or some other script)?

I believe this is an area where the UNIX versions have a feature
windows ports do not. Simply being able to execute pre and post batch
scripts of the admin's choice would be nice...

>    I wish to setup "mount points" aka "mapped drives" like the users home
>    drive and the common run directories.

net use is your friend - you will again have to force the users to use
scripts of your own choosing again though.
Security access is a further issue (the script or classads would need
embedded passwords or the network shares would be open to all)

> I am still unclear how security is handled in Condor (even after reading the
> documentation).  I am aware the Condor submit will not queue a job if the
> requesting user does not have execute permission (to the job file/binary).
> However, since the service runs under a selected user and no "runas" is
> executed what is to prevent the user from copying, accessing, moving file(s) he
> or she doesn't have access to but the cluster user does?

The service normally runs as local admin or equivalent but the
processes spawned off for your submitted jobs run as the execute user
defined in the config file

the execute user is entirely controlled by yourself as admin of the
execute nodes.
This user typically has few access privileges except to the execute directory.
In windows you would do well to reconsider whether or not condor is
right for you if you cannot say yes to one of the following:

1) I can handle the limitation of ensuring submitted jobs need no
external access at all.

2) I am happy to expose some internal security issues

3) All jobs will run as a single domain user with the required access
to everything it needs - I don't mind ensuring the credentials of this
user are maintained on all execute nodes

> I am sorry if these questions seem a bit basic but I am still uncertain after reading
> the documentation.  I hope someone has a similar experience and can educate
> me or point me in the direction of further documentation.

There are some previous discussions on this list about how to make a
domain user be the execute user....

If you expect to be able to give users a way of running their jobs on
a different machine but with all the access rights / sspi implied
privileges / remote drives you are in for a shock.

Best thing is to get people out of the habit of assuming their jobs
will run as themselves, or indeed in a domain context and provide all
required data as part of the job input (this will have significant
throughput benefits if you are constantly hitting databases/network
shares).

Matt
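
The "decrypt and verify" step of the job launcher proposed at the top of this message, as an added example that is not code from either poster or from Condor: it gates use of the decrypted user environment on the machine-readable status that GnuPG writes with --status-fd, so encrypted-but-unsigned input, or input signed by any other key, is refused before the XML is parsed. Assumptions: GnuPG is the PGP implementation, the signer fingerprint is pinned, and the fingerprint, status lines and XML element names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed fingerprint standing in for the cluster's pinned signing key.
TRUSTED_SIGNER = "0123456789ABCDEF0123456789ABCDEF01234567"
# Status keywords from `gpg --status-fd` that must abort the launch outright.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "DECRYPTION_FAILED"}

def check_gpg_status(status_text, trusted_fpr=TRUSTED_SIGNER):
    """Decide from gpg's machine-readable status whether the plaintext may be used."""
    decrypted, signers = False, []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword in REJECT:
            return False, keyword
        if keyword == "DECRYPTION_OKAY":
            decrypted = True
        elif keyword == "VALIDSIG" and len(fields) > 2:
            # Field 11 is the primary key fingerprint when gpg reports one.
            signers.append((fields[11] if len(fields) > 11 else fields[2]).upper())
    if not decrypted:
        return False, "not decrypted"
    if not signers:
        return False, "unsigned"  # encrypted-only input is not authenticated
    if any(fpr != trusted_fpr for fpr in signers):
        return False, "untrusted signer"
    return True, "ok"

def load_user_environment(status_text, plaintext_xml):
    """Parse the user environment only after the signature check has passed."""
    ok, reason = check_gpg_status(status_text)
    if not ok:
        raise PermissionError("user environment rejected: " + reason)
    root = ET.fromstring(plaintext_xml)
    # Hypothetical element names; the post does not give the XML schema.
    return {"user": root.findtext("user"), "password": root.findtext("password")}

# Constructed status output for a signed and encrypted message.
VALIDSIG = ("[GNUPG:] VALIDSIG " + TRUSTED_SIGNER +
            " 2004-12-30 1104420877 0 4 0 1 2 00 " + TRUSTED_SIGNER)
SIGNED = "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODSIG 89ABCDEF01234567 Cluster\n" + VALIDSIG
UNSIGNED = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION"
SAMPLE_XML = "<userenv><user>alice</user><password>constructed</password></userenv>"
```

Only a dictionary returned by load_user_environment would be handed on to the CreateProcessAsUser step; a PermissionError maps to the error returned to the submitting user.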
