[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] condor 6.6.5 install problems
- Date: Wed, 30 Jun 2004 11:30:24 -0500
- From: Erik Paulson <epaulson@xxxxxxxxxxx>
- Subject: Re: [Condor-users] condor 6.6.5 install problems
On Wed, Jun 30, 2004 at 05:24:26PM +0100, Kewley, J (John) wrote:
> > If Condor runs as root, allowing any user other than root to edit the
> > configuration file is a major security concern - if user 'condor' can
> > add entries to the DAEMON_LIST, for example, then user
> > 'condor' can start
> > any process as root.
> Nice one!
> I had assumed that only the condor daemons could be named on that line!
> So what can run - any executable on root's path?
> or can you use full pathnames?
You can name full pathnames - in fact, we rely on that:
RELEASE_DIR = /usr/local/bin
SBIN = $(RELEASE_DIR)/sbin
STARTD = $(SBIN)/condor_startd
DAEMON_LIST = MASTER, STARTD, SCHEDD
(the master does do a bit of magic when it sees the SCHEDD/STARTD/etc names
for knowing a few tricks about invoking them)
> Condor-users mailing list