Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)

[Ziliang Guo <ziliang@xxxxxxxxxxx>]

A ticket was just made today by TJ:

https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2642

On Wed, Nov 16, 2011 at 8:34 AM, Sukender <suky0001@xxxxxxx> wrote:
> I just made an ugly patch to the code, but I can confirm that the localization of "system" account is the cause of the issue. My patched "7.7.2" version works!
> Is there already a ticket for this bug? I searched a bit and it seems not. Can someone report it for me (I'm not registered)?
> Thanks.
>
> Sukender
>
> ----- Mail original -----
> De: "Sukender" <suky0001@xxxxxxx>
> À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
> Envoyé: Mercredi 16 Novembre 2011 09:08:09
> Objet: Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of   Windows Vista/7?)
>
> Crap! I just cannot run Condor on my machine unless I recompile it on my own. And of course I can't wait the patched release...
> Do you have the patched code? Or can you tell me the email address of the person who fixed it?
> Many thanks.
>
>
> ----- Mail original -----
> De: "Ziliang Guo" <ziliang@xxxxxxxxxxx>
> À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
> Envoyé: Mardi 15 Novembre 2011 22:32:44
> Objet: Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)
>
> We ran across this problem recently with another user very recently,
> might also have been a French user now that I think about it, and a
> patch was written to fix this issue.  It will likely see release as
> part of the next next 7.7.x release.  The next 7.7.x release is
> already going through the release procedure and is code frozen, which
> is why the fix will not be in it.
>
> On Tue, Nov 15, 2011 at 3:00 PM, Sukender <suky0001@xxxxxxx> wrote:
>> Hi Ziliang, hi all,
>>
>> Thank you for taking care of my problem! ^^
>>
>> 1) I use the service mode (MSI installer).
>> 2) And anyway my account is part of "Administrators" group.
>> 3) That's amazing: I was heading towards such a hypothesis just before I read your mail. And yes! I experience trouble with Condor on French distributions (See "Tests" below).
>>
>> I strongly suspect Condor to look for a "SYSTEM" account, which is a mistake for Vista/Seven since names are localized (http://msdn.microsoft.com/en-us/library/ms143504.aspx). Indeed, SYSTEM account appears to be called "AUTORITE NT\Système" (or simply "Système") in French distributions of Vista/7. And if I remember well, SYSTEM is simply "SYSTEM" under XP FR (where I had no issues)...
>>
>> A quick look at Condor's code seems to confirm this:
>>
>> 7.7.2/src/condor_utils/uids.cpp, line 656, function is_root() tests username against "SYSTEM" string:
>>        if( !strcasecmp(user, "SYSTEM") ) {
>>                root = 1;
>>        }
>>
>> I'm currently testing if the underlying my_username() function returns a localized string or not. If so, Condor code will have to be patched, either to return a non-localized name, or to test against localized "SYSTEM" name.
>>
>> I'll mail as soon as I have news for this ^^
>>
>>
>> Tests
>> -----
>> Note: EN stands for "English", FR stands for "French"
>>
>> Summary of tests on various Windows platforms:
>> 1. "Work" - 7 Family FR : Error on SYSYEM account
>> 2. "Home" - XP Pro FR SP3 : All ok
>> 3. "Serv" - Server 2008 R2 EN : No issue with SYSTEM, but with temporary profiles (cannot open session)
>> 4. "Prod" - 7 Pro FR : Error on SYSYEM account
>>
>> My previous hypothesis ("Family ed. is an issue for SYSTEM account") is invalidated by test 4.
>>
>> Cheers,
>>
>> Sukender
>>
>> ----- Mail original -----
>> De: "Ziliang Guo" <ziliang@xxxxxxxxxxx>
>> À: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
>> Envoyé: Mardi 15 Novembre 2011 18:59:31
>> Objet: Re: [Condor-users] Privileges problems on family edition of Windows      Vista/7?
>>
>> 1) Are you trying to run Condor as a service or are you running the
>> Condor master under your own user account?
>> 2) If running under your own user account, does your account have
>> admin privileges.
>> 3) If you are running Condor as a service, is the version of Windows
>> you are trying to run it on a non-English version?
>>
>> On Tue, Nov 15, 2011 at 5:26 AM, Sukender <suky0001@xxxxxxx> wrote:
>>> Hi everyone,
>>>
>>> 1. It seems I can't run Condor properly on a Family edition of Windows (Vista/Seven): Condor daemons complain about SYSTEM privileges.
>>> Did anyone successfully ran Condor on such a configuration? If so, how?
>>>
>>> 2. I tried the same on a Windows Server 2008 R2. There is no privileges issues anymore, but jobs are never run and logs did not tell me much about the problem.
>>> Can anyone help ?
>>>
>>> Details follow...
>>>
>>>
>>> Versions tested: 7.7.2 and 7.6.4
>>> Architecture : X86_64
>>>
>>> I just tried to setup a personal Condor on a Windows 7 machine, and it systematically fails for some critical operations:
>>>  - "condor_store_cred add" always fail, complaining about privileges ("Operation failed. Target daemon is not running as SYSTEM.")
>>>  - Jobs (vanilla) stay forever in the queue ("Request has not yet been considered by the matchmaker.")
>>> The ShadowLog also complaints about permissions ("init_user_ids: failed because user switching is disabled", see below).
>>> Of course, I double checked that the MSI installer properly set the service as using "LOCAL SYSTEM" user... and of course, I tried to delete/reinstall multiple times.
>>>
>>> What is very strange is that personal Condor worked perfectly on Windows XP (Pro, SP3, and after calling "condor_store_cred add").
>>>
>>> I also tried to setup a Condor manager on a Windows Server 2008 R2. It works a bit better, but that's not 100%:
>>>  - Pool is created, and call to "condor_store_cred add" succeeded (ShadowLog is ok).
>>>  - My "Windows 7 Family" machine has been reconfigured to join the pool and is visible when typing "condor_status"
>>>  - Neither the "Windows Server" nor the "Windows 7" can submit jobs successfully. They stay in the queue forever (but maybe for different reasons). "-analyze" says "Reject your job because of their own requirements".
>>>    - "Windows 7" 's ShadowLog still says "init_user_ids: failed because user switching is disabled" (which seems coherent!)
>>>    - "Windows Server" 's ShadowLog is ok, but SchedLog shows strange things about job submitted from the other machine ("condor_read() failed..." "Response problem from startd when requesting claim..." "Failed to send REQUEST_CLAIM..."), and nothing about the job submitted locally.
>>>
>>> My ShadowLog (Windows 7 machine), complaining about privileges:
>>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
>>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids() failed as user Sukender
>>> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
>>> 11/15/11 11:44:58 (6.0) (5588): WriteUserLog::initialize: init_user_ids() failed!
>>> 11/15/11 11:44:58 (6.0) (5588): Failed to initialize user log to C:/Temp\condor_job_test.log
>>> 11/15/11 11:44:58 (6.0) (5588): Job 6.0 going into Hold state (code 22,0): Failed to initialize user log to C:/Temp\condor_job_test.log
>>> 11/15/11 11:44:58 (6.0) (5588): RemoteResource::killStarter(): DCStartd object NULL!
>>> 11/15/11 11:44:59 (6.0) (5588): SetEffectiveOwner(Sukender) failed with errno=13: Permission denied.
>>> 11/15/11 11:44:59 (6.0) (5588): Failed to update job queue!
>>> 11/15/11 11:44:59 (6.0) (5588): ERROR "Failed to initialize user log to C:/Temp\condor_job_test.log" at line 855 in file c:\condor\execute\dir_3188\userdir\src\condor_shadow.v6.1\baseshadow.cpp
>>>
>>> Cheers,
>>>
>>> Sukender
>>> _______________________________________________
>>> Condor-users mailing list
>>> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
>>> subject: Unsubscribe
>>> You can also unsubscribe by visiting
>>> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>>>
>>> The archives can be found at:
>>> https://lists.cs.wisc.edu/archive/condor-users/
>>>
>>
>>
>>
>> --
>> Condor Project Windows Developer
>> _______________________________________________
>> Condor-users mailing list
>> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/condor-users/
>> _______________________________________________
>> Condor-users mailing list
>> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/condor-users/
>>
>
>
>
> --
> Condor Project Windows Developer
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
>



-- 
Condor Project Windows Developer