Currently, we are running Condor daemons under a service account and all configuration (local and global) files, SSL PKIs and our mapfile are stored on a shared drive that only the service account has access to. Everything works fine as long as I log on to a machine using this service account. In other words, condor_status and other commands work. However, when I log on as a user, the config files, SSL keys and so forth cannot be accessed (e.g., condor_status complains about not being able to see the CONDOR_CONFIG file).
It would seem that the condor service/daemons require access to these files and not the user, but this is not the case. I think this was working before, but I am not positive. Is there a mechanism for us to use the above configuration (config files and SSL keys stored on a secured shared drive) while users can use Condor but do not have access to these files?
What we can do is change these paths to read only and this would work, but I am trying to understand how this works and why it would not work with our current setup.