
Re: [Condor-users] Setting Root User Problem



I can easily make a condor user, but I am now confused because it says in
the Condor manual to run them as root if possible ??

--------------------
3.2.3.2 Will Condor run as root or not?
Start up the Condor daemons as the Unix user root. Without this, Condor can
do very little to enforce security and policy decisions. You can install
Condor as any user, however there are both serious security and performance
consequences. Please see section 3.7.1 on page  in the manual for the
details and ramifications of running Condor as a Unix user other than root.

3.7.1.1 Running Condor as Non-Root

While we strongly recommend starting up the Condor daemons as root, we
understand that it is not always possible to do so. The main problems appear
when one Condor installation is shared by many users on a single machine, or
if machines are set up to only execute Condor jobs. With a submit-only
installation for a single user, there is no need for (or benefit from)
running as root.

--------------------

So if the answer is to create a user condor and run the jobs as that user I
will do it, but this section gave me the impression that they should be run
as root.  This will eventually be the master node for my grid and I would
like to have it run with the optimal configuration for an isolated grid.

thanks

----- Original Message ----- 
From: "Jaime Frey" <jfrey@xxxxxxxxxxx>
To: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Sent: Thursday, October 13, 2005 9:51 AM
Subject: Re: [Condor-users] Setting Root User Problem


> On Oct 13, 2005, at 9:50 AM, Stephen Broughton wrote:
>
> > I am setting up a Linux Redhat Fedora 3 isolated grid.  The Condor
> > documentation recommends running Condor as the root user if
> > possible.  I am having problems trying to make this happen.
> >
> > [root@condor1 sbin]# ps -ef | egrep condor_
> > daemon    3454     1  0 Oct05 ?        00:24:41 condor_master -f
> > daemon    3314  3454  0 13:54 ?        00:00:00 condor_collector -f
> > daemon    3315  3454  0 13:54 ?        00:00:00 condor_negotiator -f
> > daemon    3317  3454  0 13:54 ?        00:00:00 condor_schedd -f
> > daemon    3320  3454  0 13:54 ?        00:00:12 condor_startd -f
> >
> > The default user for the processes to run is "daemon", the manual
> > says to use condor_config --owner=<user> to change that, but it is
> > giving me an error:
> >
> > [root@condor1 examples]# condor_configure  --owner="root"
> >
> > Invalid user: getpwnam("root") failed!
> >
> > [root@condor1 examples]# condor_configure  --owner="root"
> >
> > Invalid user: getpwnam("root") failed!
>
> When the Condor daemons are started as root, they switch to a non-
> privileged user for most of their life and switch back to root only
> when necessary (to start a job as the user, for example). The --owner
> option to condor_configure says what non-privileged user this should
> be. By default, Condor looks for a 'condor' user.
>
> > When I try to submit the example programs with the current setting
> > I get
> > this error:
> >
> > [root@condor1 examples]# condor_submit stream.cmd
> >
> > ERROR: Submitting jobs as user/group 0 (root) is not allowed for
> > security
> > reasons.
> >
> > [root@condor1 examples]# condor_submit sh_loop.cmd
> >
> > ERROR: Submitting jobs as user/group 0 (root) is not allowed for
> > security
> > reasons.
>
> Then submit jobs as a user other than root.
>
> +----------------------------------+---------------------------------+
> |            Jaime Frey            |  Public Split on Whether        |
> |        jfrey@xxxxxxxxxxx         |  Bush Is a Divider              |
> |  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling Banner |
> +----------------------------------+---------------------------------+
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
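
The switching described in the quoted reply (start as root, spend most of the time as the unprivileged owner, return to root only for a privileged step) looks like this in C. This is an added example, not part of the original thread and not Condor's own code; the function names are hypothetical, and "condor" is the default owner account named in the reply.

```c
/* Added example (not Condor source): the effective-UID switch described above. */
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve the unprivileged owner account; -1 is the "Invalid user" case. */
int lookup_owner(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Change only the effective IDs: the real and saved UID stay root, so root
 * can be regained later. Group first, because a non-root euid cannot
 * change the egid. Verify the result instead of trusting the return code. */
int drop_to_owner(uid_t uid, gid_t gid) {
    if (setegid(gid) != 0 || seteuid(uid) != 0) return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Regain root for one privileged step; UID first so the GID change is allowed. */
int regain_root(void) {
    return (seteuid(0) == 0 && setegid(0) == 0) ? 0 : -1;
}

/* Refuse to run work as user or group 0, as the submit error above does. */
int job_identity_allowed(uid_t uid, gid_t gid) {
    return uid != 0 && gid != 0;
}

int main(void) {
    uid_t uid; gid_t gid;
    const char *owner = "condor";  /* default owner named in the thread */
    if (lookup_owner(owner, &uid, &gid) != 0) {
        fprintf(stderr, "Invalid user: getpwnam(\"%s\") failed\n", owner);
        return 1;
    }
    if (getuid() != 0) {
        fprintf(stderr, "not started as root: no identity switching possible\n");
        return 1;
    }
    if (drop_to_owner(uid, gid) != 0) return 1;
    printf("steady state: euid=%d egid=%d\n", (int)geteuid(), (int)getegid());
    if (regain_root() != 0) return 1;          /* privileged step goes here */
    printf("privileged:   euid=%d\n", (int)geteuid());
    return drop_to_owner(uid, gid) != 0;       /* back to the owner */
}
```

Supplementary groups are left untouched here; a daemon that runs jobs as other users also has to reset them when it changes identity.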
