Re: [Condor-users] Running jobs as nobody on all machines

[Emir Imamagic <eimamagi@xxxxxxx>]

Hello,

> That's a problem if you're setting UID_DOMAIN to the hostname to
> force jobs to always run as user nobody. I'm wondering whether they
> could just set the same UID_DOMAIN on all machines (possibly with
> SOFT_UID_DOMAIN) to always run the jobs as the submitting user.

Unfortunatelly, machines dont have same uids for users. Some users are 
not even created on some machines. We cannot change this, so setting same 
UID_DOMAIN is not an option.
Also, jobs can be started by different users and should still access same files (this 
eliminates SOFT_UID_DOMAIN solution).
That's why executing jobs as user nobody would be ideal solution for us.

> > I dont' have to make sure it works, but try putting in your config
> > file
> >
> > UID_DOMAIN = $(FULL_HOSTNAME)
> > SCHEDD.UID_DOMAIN = submitpoint.$(FULL_HOSTNAME)

Excellent idea. I was wondering if there's a way to trick Condor daemons.

Unfortunatelly, it doesn't work. Schedd is advertised as 
submitpoint.$(FULL_HOSTNAME), but job is still executed as a local user 
on submit machine. Here's what I found in StarterLog:
12/8 23:47:32 Communicating with shadow <SubmitHostIP:46785>
12/8 23:47:32 Submitting machine is "$(FULL_HOSTNAME)" 
Seems that Condor relies on information from IP address for finding out 
UID_DOMAIN.
I even tried setting TRUST_UID_DOMAIN options, but job still got executed 
as local user.


I still don't understand why doesn't the solution recommended in 
documentation (unsetting UID_DOMAIN) work?

Thanks for suggestions,
emir