[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Request: Run hook scripts in the context of the user who will execute the job on Windows

Ian Chesal wrote:

Now, it turns out, I need to mount a drive as part of my Windows hook
script. Or at the very least access a share with a UNC path. And I'm in
the same position. Because the hook scripts run as SYSTEM I have to go
through my Samba server and can't talk directly to my NAS. It's
manageable, but it would all be made easier if the hooks could be run in
the context of the user who will execute the jobs.

Brain storm thoughts:

When you say you need to mount a drive as part of your Windows hook, do you mean the hook itself needs data on the shared file system, or that the hook needs to mount a drive as a preparation step for the user's job to run? Esp if the latter: If you define a USER_JOB_WRAPPER in your condor_config, that wrapper will indeed run as the user, not as system. Your hook script could insert into the job ad (into the job environment perhaps?) information about what share to mount etc, and this would be picked up by your USER_JOB_WRAPPER. Heck, I suppose the hook could even rewrite the job ad's Cmd (executable) attribute to use to point to a dynamically created wrapper that would then of course run as the user when the job is launched.

Another idea: if you are using a "Professional" version of Windows, aka XP Professional and _not_ XP Home etc, and you are using dedicated job run accounts with Condor, perhaps you could use the "runas /savecred" option and then do a runas from inside your hook.

If you haven't looked at it lately, section 6.2.8 of the Condor Manual may inspire some other ideas as well:


hope this helps,

Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
Phone: (608) 263-7132                 Madison, WI 53706-1685