Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Setting Root User Problem
- Date: Thu, 13 Oct 2005 11:30:37 -0500
- From: Jaime Frey <jfrey@xxxxxxxxxxx>
- Subject: Re: [Condor-users] Setting Root User Problem
On Oct 13, 2005, at 11:06 AM, Stephen Broughton wrote:
I can easily make a condor user, but I am now confused because it
says in
the Condor manual to run them as root if possible ??
--------------------
3.2.3.2 Will Condor run as root or not?
Start up the Condor daemons as the Unix user root. Without this,
Condor can
do very little to enforce security and policy decisions. You can
install
Condor as any user, however there are both serious security and
performance
consequences. Please see section 3.7.1 on page in the manual for the
details and ramifications of running Condor as a Unix user other
than root.
3.7.1.1 Running Condor as Non-Root
While we strongly recommend starting up the Condor daemons as root, we
understand that it is not always possible to do so. The main
problems appear
when one Condor installation is shared by many users on a single
machine, or
if machines are set up to only execute Condor jobs. With a submit-only
installation for a single user, there is no need for (or benefit from)
running as root.
--------------------
So if the answer is to create a user condor and run the jobs as
that user I
will do it, but his section gave me the impression that they should
be run
as root. This will eventually be the master node for my grid and I
would
like to have it run with the optimal configuration fro an isolated
grid.
When we say to run the daemons as root, that means you *start* them
as root. They then switch to a non-root user whenever they don't need
root power. This is to reduce the risk of screwing up the system if
there's a bug or other problem. When the daemons need to the
something that requires root power (like starting a job as the user),
the daemons switch to root, do the deed, then return to non-root.
You then submit your jobs as a normal user (i.e. not root or condor)
and Condor will run them as that same user.
+----------------------------------+---------------------------------+
| Jaime Frey | Public Split on Whether |
| jfrey@xxxxxxxxxxx | Bush Is a Divider |
| http://www.cs.wisc.edu/~jfrey/ | -- CNN Scrolling Banner |
+----------------------------------+---------------------------------+