RE: [Condor-users] OwnerCheck: username?



> >	Something fishy is going on.  You say that the condor_master was
> > started as root, but the lines above can _only_ be printed if the
> > schedd isn't root and it isn't user condor.
> > 
> >	- Precisely how was condor started?
> 
> Switching user to root and running condor_master from the sbin
> directory.

Alright, now I'm really puzzled.

> >  	- Was it from a setuid script?
> 
> No, not yet.

OK.

> >	- Is CONDOR_IDS set in your config file?
> 
> Yes.  It's set to the UID and GID for condor.

OK.

> >	- Is ENV_UG_IDS set in the environment that's starting the
> >	condor master?
> 
> No.  What's this?  I couldn't find any references to it.

Uh...forget I mentioned it.  :-)

> > 	- What do you see when you do a 'ps -ef | grep condor'?
> 
> root     22700     1  0 Apr22 ?        00:10:31 ./condor_master
> root     22701 22700  0 Apr22 ?        00:00:17 condor_schedd -f
> root     22702 22700  0 Apr22 ?        00:16:03 condor_startd -f

Now *this* is interesting.  Your condor daemons ought to appear to be
running as user condor.  When started as root, the daemons retain a real
uid of root, but change their effective uid to that of 'condor'.  That
way they normally do stuff as a non-privileged (condor) user, and switch
back to user root only when they have to.  I'll bet that your log files
are owned by user root as well (they're normally owned by user condor).

I saw this behavior once when I started condor from a setuid perl script
(effective uid of root, but real uid of 'condor'); that was why I asked
the first two questions.  Could you try 'ps --user condor' and 'ps
--User condor'?  How about 'ps --User root | grep condor'?  Are you sure
that user condor exists on this machine (and maps to CONDOR_IDS)? :-)

Try turning on D_PRIV for the master and the schedd.  Also look near the
log's startup banner for interesting messages.  I'm not sure if you'll
find much; the privilege stuff is initialized before logging. 

Mike Yoder
Principal Member of Technical Staff
Direct : +1.408.321.9000
Fax    : +1.408.904.5992
Mobile : +1.408.497.7597
yoderm@xxxxxxxxxx

Optena Corporation
2860 Zanker Road, Suite 201
San Jose, CA 95134
http://www.optena.com
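
The check described in the message above (daemons started as root should keep a real uid of root but show an effective uid of 'condor'), as an added example that is not part of the original message or of Condor itself. It assumes a procps-style `ps` that supports the `ruser`, `euser` and `comm` columns; the function names and the sample process listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag condor daemons whose effective user is not the
# unprivileged account. Input is the output of: ps -eo pid,ruser,euser,comm

# check_condor_privs EXPECTED_USER   (reads ps-style lines on stdin)
# Prints one line per condor_* process. Returns 0 if every daemon has the
# expected effective user, 1 if any does not, 2 if no daemon was found.
check_condor_privs() {
    awk -v want="$1" '
        $4 ~ /^condor_/ {
            seen++
            if ($3 == want) {
                printf "OK    pid=%s %s ruser=%s euser=%s\n", $1, $4, $2, $3
            } else {
                bad++
                printf "CHECK pid=%s %s ruser=%s euser=%s (expected euser %s)\n",
                       $1, $4, $2, $3, want
            }
        }
        END {
            if (seen == 0) { print "no condor_* processes found"; exit 2 }
            exit (bad > 0) ? 1 : 0
        }'
}

# Constructed sample: effective user still root, so privileges were not dropped.
sample_not_dropped() {
cat <<'EOF'
  PID RUSER    EUSER    COMMAND
22700 root     root     condor_master
22701 root     root     condor_schedd
22702 root     root     condor_startd
EOF
}

# Constructed sample: the expected state (real uid root, effective uid condor).
sample_dropped() {
cat <<'EOF'
  PID RUSER    EUSER    COMMAND
22700 root     condor   condor_master
22701 root     condor   condor_schedd
EOF
}

sample_dropped | check_condor_privs condor
sample_not_dropped | check_condor_privs condor || echo "effective uid is not condor"
```

On a live machine the same function takes real input: `ps -eo pid,ruser,euser,comm | check_condor_privs condor`.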