Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Running jobs as nobody on all machines

Date: Thu, 8 Dec 2005 11:22:05 -0600
From: Jaime Frey <jfrey@xxxxxxxxxxx>
Subject: Re: [Condor-users] Running jobs as nobody on all machines

On Dec 7, 2005, at 4:36 AM, Emir Imamagic wrote:

Hi,

Have you considered using Condor's file transfer mechanism? It will
transfer the files from the execute machine to the submit machine.
That way, it doesn't matter what user the job is running under on the
execute machine.


I'm familiar with Condor file transfer mechanism. However, the

application is generating large amount of files and we want thefiles to

stay on the execute machine for later processing.

Another option is to add a requirement to the job that it not run on
the machine it was submitted to.

This is not an option because we want to utilize submit machine aswell.

There is also an option of using some other machine to submit jobon the

main submit machine, but we would really want to submit all tasks from
one machine.

Can this be achieved in configuration?


I'm not sure I understand the question.

Why can't you set UID_DOMAIN to be the same on all of the machines?

 -- Jaime

On Dec 5, 2005, at 10:04 PM, Emir Imamagic wrote:

Hi,

we have a rather specific application which generates large
amount of permanent files in a specific directory on a machine
where it
gets executed. Since the execute machine can in the same time be
submit
machine, files are generated with ownerhip of actual user. In the
worse
case scenario job fails because of lack of write permission on
directory.

First we solved this by setting changing group ownership and
setting group
write permission manually. However, this is not really an elegant

solution, because we have to do it on all machines whenever weuse new

specific directory.

Anyway, now, we're changing the application to setuid to nobody
itself.

Still I would like to know how can I achieve this in a Condor
configuration (if it's possible).

Thanks,
emir

On Mon, 5 Dec 2005, Jaime Frey wrote:

Is there some reason why you can't have UID_DOMAIN = FULL_HOSTNAME?

-- Jaime

On Dec 5, 2005, at 6:51 AM, Emir Imamagic wrote:

I found following explanation in documentation:
(http://www.cs.wisc.edu/condor/manual/v6.7/3_3Configuration.html)

--------------------------------------------------------------------

--
-----
You can also leave $(UID_DOMAIN) undefined. This will force
Condor to
always run jobs as user nobody. Running standard universe jobs as
user

nobody enhances your security and should cause no problems,because

the
jobs use remote I/O to access all of their files. ...

--------------------------------------------------------------------

--
-----

However, when I leave UID_DOMAIN undefined in config files, Condor
sets
it to FULL_HOSTNAME.

Cheers,
emir


Emir Imamagic wrote:

Hello to all,

is there a way to force Condor to run jobs as user nobody even in
case
when UID_DOMAIN is same on submit and remote machine?

Thanks in advance,
emir
_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users


_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users


+----------------------------------
+---------------------------------+
|            Jaime Frey            |  Public Split on
Whether        |
|        jfrey@xxxxxxxxxxx         |  Bush Is a
Divider              |
|  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling
Banner |
+----------------------------------
+---------------------------------+


_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users


_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

+----------------------------------+---------------------------------+| Jaime Frey | Public Split onWhether || jfrey@xxxxxxxxxxx | Bush Is aDivider || http://www.cs.wisc.edu/~jfrey/ | -- CNN ScrollingBanner |+----------------------------------+---------------------------------+



_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users


_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/condor-users


+----------------------------------+---------------------------------+
|            Jaime Frey            |  Public Split on Whether        |
|        jfrey@xxxxxxxxxxx         |  Bush Is a Divider              |
|  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling Banner |
+----------------------------------+---------------------------------+

Follow-Ups:
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Erik Paulson

References:
- [Condor-users] Running jobs as nobody on all machines
  - From: Emir Imamagic
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Emir Imamagic
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Jaime Frey
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Emir Imamagic
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Jaime Frey
- Re: [Condor-users] Running jobs as nobody on all machines
  - From: Emir Imamagic

Prev by Date: [Condor-users] submit file : howto ?
Next by Date: Re: [Condor-users] Problems with jobs
Previous by thread: Re: [Condor-users] Running jobs as nobody on all machines
Next by thread: Re: [Condor-users] Running jobs as nobody on all machines
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] Running jobs as nobody on all machines