
Re: [Condor-users] OwnerCheck: username?

I played around with rerunning condor_configure to specify --owner on the central manager (which already had its daemons running as condor) as well as the local machine I'm using (where the daemons were running as root), killed the master, changed the groups on some of the files under the local host directories, and finally got the daemons on the local machines to show up as owned by condor.  After that, I was able to submit jobs as any user.

I'm still not sure exactly what happened, or what changed, but it looks OK now.

Btw, when I run condor_configure, it will fail unless I specify --owner (which I set to condor). I thought this was supposed to default to condor when run as root unless a condor user didn't exist on the local machine, in which case you would be required to specify --owner. Am I wrong? I noticed that if I remove the setting of CONDOR_IDS, then when I start condor_master as root, none of the daemons start at all, although the master starts as condor. I can only get the daemons to start if I explicitly set CONDOR_IDS to condor (which I thought it should also default to).

Also, I cannot get condor_off -master (or any condor_off call) to work.  It says it sent the kill to the master, but no daemons are ever killed.  I can only kill them by running kill directly.  This is the case whether the daemons are running as root or as condor.  Any idea why?



Michael Yoder wrote:
	- What do you see when you do a 'ps -ef | grep condor'?
root     22700     1  0 Apr22 ?        00:10:31 ./condor_master
root     22701 22700  0 Apr22 ?        00:00:17 condor_schedd -f
root     22702 22700  0 Apr22 ?        00:16:03 condor_startd -f

Now *this* is interesting.  Your condor daemons ought to appear to be
running as user condor.  When started as root, the daemons retain a real
uid of root, but change their effective uid to that of 'condor'.  That
way they normally do stuff as a non-privileged (condor) user, and switch
back to user root only when they have to.  I'll bet that your log files
are owned by user root as well (they're normally owned by user condor).

I saw this behavior once when I started condor from a setuid perl script
(effective uid of root, but real uid of 'condor'); that was why I asked
the first two questions.  Could you try 'ps --user condor' and 'ps
--User condor'?  How about 'ps --User root | grep condor'?  Are you sure
that user condor exists on this machine (and maps to CONDOR_IDS)? :-)

Try turning on D_PRIV for the master and the schedd.  Also look near the
log's startup banner for interesting messages.  I'm not sure if you'll
find much; the privilege stuff is initialized before logging. 

Mike Yoder
Principal Member of Technical Staff
Direct : +1.408.321.9000
Fax    : +1.408.904.5992
Mobile : +1.408.497.7597

Optena Corporation
2860 Zanker Road, Suite 201
San Jose, CA 95134
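
The real-uid versus effective-uid check described in the quoted reply, as an added example that is not part of the original thread: it classifies condor_* processes from `ps` output and flags any that kept an effective user of root. The function names, the EXPECTED_USER variable and the sample process list are constructed for illustration, and the expected account is assumed to be the one CONDOR_IDS maps to.

```shell
#!/bin/sh
# Added example (not from the thread). Input: one process per line,
#   PID RUSER EUSER COMMAND
# e.g. from: ps -eo pid=,ruser=,euser=,comm=
EXPECTED_USER="${EXPECTED_USER:-condor}"  # assumption: the account CONDOR_IDS maps to

# Classify each condor_* process by real vs effective user.
check_condor_privs() {
    awk -v want="$EXPECTED_USER" '
        $4 ~ /^condor_/ {
            if ($3 == want && $2 == "root") state = "OK"          # root-started, euid dropped
            else if ($3 == want)            state = "OK-NONROOT"  # started as the condor user
            else if ($3 == "root")          state = "RUNNING-AS-ROOT"
            else                            state = "UNEXPECTED-USER"
            printf "%s pid=%s ruid=%s euid=%s %s\n", state, $1, $2, $3, $4
        }'
}

# Count daemons that are not running with the expected effective user.
count_not_dropped() {
    check_condor_privs | awk '$1 !~ /^OK/ { n++ } END { print n + 0 }'
}

# Constructed sample input (not real output from the poster's machine).
sample_ps() {
    cat <<'EOF'
22700 root   root   condor_master
22701 root   root   condor_schedd
22702 root   condor condor_startd
  900 condor condor condor_startd
 1234 alice  alice  bash
EOF
}

sample_ps | check_condor_privs
echo "daemons without expected euid: $(sample_ps | count_not_dropped)"
# Live system: ps -eo pid=,ruser=,euser=,comm= | check_condor_privs
```
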
