[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Condor debug output showing my "startd cron" not running because it would be root
- Date: Mon, 05 Dec 2011 14:59:04 -0600
- From: Dan Bradley <dan@xxxxxxxxxxxx>
- Subject: Re: [Condor-users] Condor debug output showing my "startd cron" not running because it would be root
On 12/5/11 8:30 AM, Ben Cotton wrote:
On Mon, Dec 5, 2011 at 8:44 AM, Ian Cottam<Ian.Cottam@xxxxxxxxxxxxxxxx> wrote:
I think we may have fixed this by running the Condor daemons as user/group
"condor" rather than root.
Will anything stop working by them not being root?
I think that'd be the preferred method anyway. We run all of our
daemons as user condor.
Just to be clear: a typical installation of Condor should be started as
root so it has root powers when needed. However, a condor user should
be made available, or CONDOR_IDS should be configured to reference some
other non-root account. The non-root user becomes the effective user id
of the condor daemons during the majority of their life, when they do
not need root powers. The real user id remains root.
It sounds like you ran into a case where Condor fails to operate when it
lacks a non-root account. This makes sense, because Condor explicitly
refuses to run some things, such as startd cron jobs, with real user id
root. Condor should be made to provide a better warning when configured
in this way.