[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] condor_ssh_to_job
- Date: Thu, 22 Aug 2013 10:52:43 -0700
- From: Gabriel Mateescu <mateescu@xxxxxxx>
- Subject: Re: [HTCondor-users] condor_ssh_to_job
On Thu, Aug 22, 2013 at 10:38 AM, Rich Pieri <ratinox@xxxxxxx> wrote:
> Gabriel Mateescu wrote:
>> That would be too drastic. However,
>> a more specific error message when
>> the job runs as nobody, e.g., "make
>> sure user nobody has a valid shell"
>> could help.
> The nobody account must not have a login shell. This is fundamental UNIX
> (and especially NFS) security. Any test for a login shell for the nobody
> account is unnecessary; such tests must never return true results.
> Dimitri's suggestion to die if job's EUID == nobody is correct.
Perhaps "never return true" is too strong,
but in most cases, nobody will not have