Re: [Condor-users] Newbie Condor configuration question and ...

[Erik Paulson <epaulson@xxxxxxxxxxx>]

On Mon, Feb 06, 2006 at 05:55:23PM -0600, Debbie Tropiano wrote:
> Hello -
> 
> I'm working on configuring a Linux cluster and still determining
> which scheduler/resource manager will work best for our needs,
> so I'd like to ask for some help.
> 
> I would like to know if Condor can be configured such that user jobs
> can be sent off to the compute nodes under a single dummy user ID,
> thus not allowing anyone (except for root and the dummy user) login
> access to the nodes.  We need to pursue DoD/NISPOM compliance on our
> cluster and expect that this functionality would facilitate that.
> 

Yes, you can set the UID_DOMAIN on the execute hosts to be 
$(FULL_HOSTNAME). If the UID_DOMAINs do not match between the
machine that submitted the job and the machine that will execute
the job, the machine that will execute the job will choose a
local account, configurable by the admin (and defaults to 'nobody')

Make sure that you're controlling what jobs the users can
submit, either with some sort of submit wrapper or with 
a job wrapper at the execute machine - otherwise, your users can
submit sshd as an executable and login anyway.

-Erik