[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] How to change condors log file permission settings?

On Thu, 9 Sep 2004, John Wheez wrote:

> Thanks for the tips.

Welcome :)

> Since the condor submit creates the log files this is the program which 
> sets the permissions...so i think i will try your idea of changing the 
> permissions of the binary to see if that makes the log files writeable 
> by user "condor". My only workaround has been running condor daemons as 
> "root" which is not recommended.

>From what you are saying you will have the same problem (and what I've
suggested would also fix/work around this) for any job's output file (i.e.
that it is owned by the user runnning condor_submit, but user "condor"
can't write to it), unless your jobs don't write anything to standard
output (or you choose not to have that output returned).

Be aware that if you do what I've said then that means that if (a) someone
can impersonate the user "condor" or (b) ask the user "condor" to do
something on their behalf (perhaphs a Condor job using the standard
universe?), then they can write to/delete these files. 

Also, if you are not running the Condor schedd daemon as root then any
files that your job produces that Condor would normally return using its
file transfer mechanism will be owned by user "condor" and ONLY user
"condor" will have read permissions (and also only user "condor" will
have write permissions).  This means the user who submitted the job can't
read any files the job has created when it was run on the remote machine! 
This is normally a big problem... :(

	-- Bruce

Bruce Beckles,
e-Science Specialist,
University of Cambridge Computing Service.