[Condor-users] CONDOR Windows Client Security

["Gregory Regan" <gregory.regan@xxxxxxxxxxxxxx>]

Hi

We are currently setting up a Condor Grid to utilise the spare capacity
of our staff and student PCs and the question of security has been
raised.

Does anyone know if it is possible to submit a Condor job that can, for
instance, access (read, write, modify) the various user folders under
'documents and settings' or other secure folders?

I understand that the Condor service runs using the local system account
and this obviously has elevated privileges.  I have also come across the
dynamically created account 'condor-reuse-vm1' (it is shown as disabled)
which is a member of the local users group - is this the account that
Condor actually uses to run jobs locally??

Is it possible for a Condor job to perhaps add the 'condor-reuse-vm1'
user account to the local admin group and then obviously be potentially
able to access all folders and files?

We are guessing not, but it would be good to have a definitive answer on
this and thus put our users minds at rest.

Many thanks in advance.


Greg

-----o-----o-----o-----o-----o-----o-----o-----
Gregory Regan
Principal Computing Officer
University of Plymouth
Drake Circus
Plymouth
PL4 8AA

Tel: 01752 233930
Fax: 01752 233839
Mob: 07974 248036

E-mail: gregory.regan@xxxxxxxxxxxxxx

http://www.plymouth.ac.uk