[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor debug output showing my "startd cron" not running because it would be root

On 12/5/11 8:30 AM, Ben Cotton wrote:
On Mon, Dec 5, 2011 at 8:44 AM, Ian Cottam<Ian.Cottam@xxxxxxxxxxxxxxxx>  wrote:
I think we may have fixed this by running the Condor daemons as user/group
"condor" rather than root.
Will anything stop working by them not being root?
I think that'd be the preferred method anyway. We run all of our
daemons as user condor.

Just to be clear: a typical installation of Condor should be started as root so it has root powers when needed. However, a condor user should be made available, or CONDOR_IDS should be configured to reference some other non-root account. The non-root user becomes the effective user id of the condor daemons during the majority of their life, when they do not need root powers. The real user id remains root.

It sounds like you ran into a case where Condor fails to operate when it lacks a non-root account. This makes sense, because Condor explicitly refuses to run some things, such as startd cron jobs, with real user id root. Condor should be made to provide a better warning when configured in this way.