[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] queue_super_users and setting the job owner in a submit file



I would not expect a queue super user to be able to submit jobs as a different user.

Best,


matt

On 06/21/2012 02:15 AM, Lukas Slebodnik wrote:
If property QUEUE_ALL_USERS_TRUSTED is set to False, then normal users can only
modify or delete their own ClassAds from the job queue.

Queue super users are able to remove(edit) other user's jobs. But I am not
sure if queue super users can submit jobs as other user.

Regards,
Lukas

On Wed, Jun 20, 2012 at 11:00:40PM -0700, Edwin Skidmore wrote:
Hello,

I would like to give a system account ("superaccount") on a submit node the
ability to submit jobs as other users.  All nodes (submit, master, execute)
are running Linux with condor version 7.8.0 and will have duplicate user
accounts (not using kerberos), including the superaccount.  I modified the
condor_config.local to include the following:

QUEUE_SUPER_USERS       = root, condor, superaccount

However, when I try to perform a submit as "superaccount", I get the
following error:

$ condor_submit simple.sub
Submitting job(s)
ERROR: Failed to set Owner="someuser" for job 14424.0 (13)

ERROR: Failed to queue job.

The SchedLog has the following error:

SetAttribute security violation: setting owner to "someuser" when active
owner is "superaccount"

My submit file looks like the following:

Universe   = vanilla
Executable = simple.sh
Arguments  =
Log        = simple.log
Output     = simple.out
Error      = simple.error
+Owner     = "someuser"
transfer_executable = True
should_transfer_files = yes
Queue

It's clear that I'm missing a configuration setting.  Any help would be
greatly appreciated.  Also, any advice on additional security settings that
should be used in conjunction with QUEUE_SUPER_USERS would also be
appreciated.

Thank you,
Edwin

_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/

_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/