[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] SRB issues with Condor



On 1/12/06, Gordon German <gordon.german@xxxxxxxx> wrote:
> Dear all,
>
> There seems to be an issue running srb (for file transfer) within the
> dynamically created condor account on a Windows execution node.
<snip>
> started on the Windows box by a normal user, it fails when run under the
> dynamic account created by the condor submission. Srb seems to
> instantiate itself by copying the user's mdasEnv file to a temporary
> session file. However, this session file is created using the process
> identifiers of the parent (or the shell). It is not a read/write
> permission problem, as the script can read or write to any of the srb
> directories. Rather, it is something about the dynamic account
> environment that prevents this.

(proviso - I know nothing about srb)
In windows the condor execute account is not simply a low priviledged
user - it also is not a member of any domain. Thus pretty much no
matter what access priviledges you set remotely* the executing app
can't see anything beyond the local machine without explicit
instructions on who to connect as

> I have tried running as a different user (using the Windows app
> 'runas'), but this requires interactive input of the new user's
> password, which is problematic.

net use can be supplied the password on the command line - this then
gives you file system access which may be sufficient - there are
_many_ posts passim on this.

Matt

* There may be some way to make machines accessible from machines
outside the domain (and not a member of some other domain) but I can't
imagine any sysadmin letting this happen...