Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)
- Date: Wed, 16 Nov 2011 15:34:45 +0100 (CET)
- From: Sukender <suky0001@xxxxxxx>
- Subject: Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)
I just made an ugly patch to the code, but I can confirm that the localization of "system" account is the cause of the issue. My patched "7.7.2" version works!
Is there already a ticket for this bug? I searched a bit and it seems not. Can someone report it for me (I'm not registered)?
Thanks.
Sukender
----- Mail original -----
De: "Sukender" <suky0001@xxxxxxx>
À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Envoyé: Mercredi 16 Novembre 2011 09:08:09
Objet: Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)
Crap! I just cannot run Condor on my machine unless I recompile it on my own. And of course I can't wait the patched release...
Do you have the patched code? Or can you tell me the email address of the person who fixed it?
Many thanks.
----- Mail original -----
De: "Ziliang Guo" <ziliang@xxxxxxxxxxx>
À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Envoyé: Mardi 15 Novembre 2011 22:32:44
Objet: Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)
We ran across this problem recently with another user very recently,
might also have been a French user now that I think about it, and a
patch was written to fix this issue. It will likely see release as
part of the next next 7.7.x release. The next 7.7.x release is
already going through the release procedure and is code frozen, which
is why the fix will not be in it.
On Tue, Nov 15, 2011 at 3:00 PM, Sukender <suky0001@xxxxxxx> wrote:
> Hi Ziliang, hi all,
>
> Thank you for taking care of my problem! ^^
>
> 1) I use the service mode (MSI installer).
> 2) And anyway my account is part of "Administrators" group.
> 3) That's amazing: I was heading towards such a hypothesis just before I read your mail. And yes! I experience trouble with Condor on French distributions (See "Tests" below).
>
> I strongly suspect Condor to look for a "SYSTEM" account, which is a mistake for Vista/Seven since names are localized (http://msdn.microsoft.com/en-us/library/ms143504.aspx). Indeed, SYSTEM account appears to be called "AUTORITE NT\Système" (or simply "Système") in French distributions of Vista/7. And if I remember well, SYSTEM is simply "SYSTEM" under XP FR (where I had no issues)...
>
> A quick look at Condor's code seems to confirm this:
>
> 7.7.2/src/condor_utils/uids.cpp, line 656, function is_root() tests username against "SYSTEM" string:
> if( !strcasecmp(user, "SYSTEM") ) {
> root = 1;
> }
>
> I'm currently testing if the underlying my_username() function returns a localized string or not. If so, Condor code will have to be patched, either to return a non-localized name, or to test against localized "SYSTEM" name.
>
> I'll mail as soon as I have news for this ^^
>
>
> Tests
> -----
> Note: EN stands for "English", FR stands for "French"
>
> Summary of tests on various Windows platforms:
> 1. "Work" - 7 Family FR : Error on SYSYEM account
> 2. "Home" - XP Pro FR SP3 : All ok
> 3. "Serv" - Server 2008 R2 EN : No issue with SYSTEM, but with temporary profiles (cannot open session)
> 4. "Prod" - 7 Pro FR : Error on SYSYEM account
>
> My previous hypothesis ("Family ed. is an issue for SYSTEM account") is invalidated by test 4.
>
> Cheers,
>
> Sukender
>
> ----- Mail original -----
> De: "Ziliang Guo" <ziliang@xxxxxxxxxxx>
> À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
> Envoyé: Mardi 15 Novembre 2011 18:59:31
> Objet: Re: [Condor-users] Privileges problems on family edition of Windows Vista/7?
>
> 1) Are you trying to run Condor as a service or are you running the
> Condor master under your own user account?
> 2) If running under your own user account, does your account have
> admin privileges.
> 3) If you are running Condor as a service, is the version of Windows
> you are trying to run it on a non-English version?
>
> On Tue, Nov 15, 2011 at 5:26 AM, Sukender <suky0001@xxxxxxx> wrote:
>> Hi everyone,
>>
>> 1. It seems I can't run Condor properly on a Family edition of Windows (Vista/Seven): Condor daemons complain about SYSTEM privileges.
>> Did anyone successfully ran Condor on such a configuration? If so, how?
>>
>> 2. I tried the same on a Windows Server 2008 R2. There is no privileges issues anymore, but jobs are never run and logs did not tell me much about the problem.
>> Can anyone help ?
>>
>> Details follow...
>>
>>
>> Versions tested: 7.7.2 and 7.6.4
>> Architecture : X86_64
>>
>> I just tried to setup a personal Condor on a Windows 7 machine, and it systematically fails for some critical operations:
>> - "condor_store_cred add" always fail, complaining about privileges ("Operation failed. Target daemon is not running as SYSTEM.")
>> - Jobs (vanilla) stay forever in the queue ("Request has not yet been considered by the matchmaker.")
>> The ShadowLog also complaints about permissions ("init_user_ids: failed because user switching is disabled", see below).
>> Of course, I double checked that the MSI installer properly set the service as using "LOCAL SYSTEM" user... and of course, I tried to delete/reinstall multiple times.
>>
>> What is very strange is that personal Condor worked perfectly on Windows XP (Pro, SP3, and after calling "condor_store_cred add").
>>
>> I also tried to setup a Condor manager on a Windows Server 2008 R2. It works a bit better, but that's not 100%:
>> - Pool is created, and call to "condor_store_cred add" succeeded (ShadowLog is ok).
>> - My "Windows 7 Family" machine has been reconfigured to join the pool and is visible when typing "condor_status"
>> - Neither the "Windows Server" nor the "Windows 7" can submit jobs successfully. They stay in the queue forever (but maybe for different reasons). "-analyze" says "Reject your job because of their own requirements".
>> - "Windows 7" 's ShadowLog still says "init_user_ids: failed because user switching is disabled" (which seems coherent!)
>> - "Windows Server" 's ShadowLog is ok, but SchedLog shows strange things about job submitted from the other machine ("condor_read() failed..." "Response problem from startd when requesting claim..." "Failed to send REQUEST_CLAIM..."), and nothing about the job submitted locally.
>>
>> My ShadowLog (Windows 7 machine), complaining about privileges:
>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids() failed as user Sukender
>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
>> 11/15/11 11:44:58 (6.0) (5588): WriteUserLog::initialize: init_user_ids() failed!
>> 11/15/11 11:44:58 (6.0) (5588): Failed to initialize user log to C:/Temp\condor_job_test.log
>> 11/15/11 11:44:58 (6.0) (5588): Job 6.0 going into Hold state (code 22,0): Failed to initialize user log to C:/Temp\condor_job_test.log
>> 11/15/11 11:44:58 (6.0) (5588): RemoteResource::killStarter(): DCStartd object NULL!
>> 11/15/11 11:44:59 (6.0) (5588): SetEffectiveOwner(Sukender) failed with errno=13: Permission denied.
>> 11/15/11 11:44:59 (6.0) (5588): Failed to update job queue!
>> 11/15/11 11:44:59 (6.0) (5588): ERROR "Failed to initialize user log to C:/Temp\condor_job_test.log" at line 855 in file c:\condor\execute\dir_3188\userdir\src\condor_shadow.v6.1\baseshadow.cpp
>>
>> Cheers,
>>
>> Sukender
>> _______________________________________________
>> Condor-users mailing list
>> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/condor-users/
>>
>
>
>
> --
> Condor Project Windows Developer
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
>
--
Condor Project Windows Developer
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/