Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Understanding PrivSep permissions

Date: Wed, 16 Dec 2009 10:05:43 -0500
From: Marc Tardif <marc@xxxxxxxxxxxxx>
Subject: [Condor-users] Understanding PrivSep permissions

Hi folks,

I've been reading the PrivSep wisdom on the following Condor wiki page:

  http://condor-wiki.cs.wisc.edu/index.cgi/wiki?p=PrivSep

My first question is about this line: "The submit side daemons must still
run as root unless there is only a single submitter or all submitters are
trusted (i.e. a personal Condor)." Is the reason for this to have the
necessary permission to read and write the log files?

My second question is about this line: "For a single Condor instance to
have both (multi-user) submit-side and execute-side functionality either
PrivSep must not be used or the Master must still run as root and be
configured to start the StartD without root (via the STARTD_USERID
setting)." I don't understand why PrivSep should not be used for both
submit and execute nodes. Can someone elaborate?

-- 
Marc Tardif <marc@xxxxxxxxxxxxx>
Freenode: cr3, Jabber: cr3@xxxxxxxxxx
1024D/72679CAD 09A9 D871 F7C4 A18F AC08 674D 2B73 740C 7267 9CAD

Follow-Ups:
- Re: [Condor-users] Understanding PrivSep permissions
  - From: Steven Timm

Prev by Date: [Condor-users] Condor restarts
Next by Date: Re: [Condor-users] Understanding PrivSep permissions
Previous by thread: Re: [Condor-users] Condor restarts
Next by thread: Re: [Condor-users] Understanding PrivSep permissions
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

[Condor-users] Understanding PrivSep permissions