Re: [Condor-users] OwnerCheck: username?

[Cathy Pfister <cathyjp@xxxxxxxxxx>]

I played around with rerunning condor_configure to specify --owner on
the central manager (which already had its daemons running as condor)
as well as the local machine I'm using (where the daemons were running
as root), killed the master, changed the groups on some of the files
under the local host directories, and finally got the daemons on the
local machines to show up as owned by condor.  After that, I was able
to submit jobs as any user.

I'm still not sure exactly what happened, or what changed, but it looks
OK now.

Btw, when I run condor_configure, it will fail unless I specify --owner
(which I set to condor).  I thought this was supposed to default to
condor when run as root unless a condor user didn't exist on the local
machine, in which case you  would be required to specify --owner.   Am
I wrong?  I noticed that if I remove the setting of CONDOR_IDS, then
when I start condor_master as root, none of the daemons start at all,
although the master starts as condor.  I can only get the daemons to
start if I explicitly set CONDOR_IDS to condor (which I thought it
should also default to).

Also, I cannot get condor_off -master (or any condor_off call) to
work.  It says it sent the kill to the master, but no daemons are ever
killed.  I can only kill them by running kill directly.  This is the
case whether the daemons are running as root or as condor.  Any idea
why?

Thanks,

Cathy


Michael Yoder wrote:
> > > 	- What do you see when you do a 'ps -ef | grep condor'?
> > >     
> > root     22700     1  0 Apr22 ?        00:10:31 ./condor_master
> > root     22701 22700  0 Apr22 ?        00:00:17 condor_schedd -f
> > root     22702 22700  0 Apr22 ?        00:16:03 condor_startd -f
> >   
>
> Now *this* is interesting.  Your condor daemons ought to appear to be
> running as user condor.  When started as root, the daemons retain a real
> uid of root, but change their effective uid to that of 'condor'.  That
> way they normally do stuff as a non-privileged (condor) user, and switch
> back to user root only when they have to.  I'll bet that your log files
> are owned by user root as well (they're normally owned by user condor).
>
> I saw this behavior once when I started condor from a setuid perl script
> (effective uid of root, but real uid of 'condor'); that was why I asked
> the first two questions.  Could you try 'ps --user condor' and 'ps
> --User condor'?  How about 'ps --User root | grep condor'?  Are you sure
> that user condor exists on this machine (and maps to CONDOR_IDS)? :-)
>
> Try turning on D_PRIV for the master and the schedd.  Also look near the
> log's startup banner for interesting messages.  I'm not sure if you'll
> find much; the privilege stuff is initialized before logging. 
>
> Mike Yoder
> Principal Member of Technical Staff
> Direct : +1.408.321.9000
> Fax    : +1.408.904.5992
> Mobile : +1.408.497.7597
> yoderm@xxxxxxxxxx
>
> Optena Corporation
> 2860 Zanker Road, Suite 201
> San Jose, CA 95134
> http://www.optena.com
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users