[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

On Thu, Aug 22, 2013 at 10:38 AM, Rich Pieri <ratinox@xxxxxxx> wrote:
> Gabriel Mateescu wrote:
>> That would be too drastic. However,
>> a more specific error message when
>> the job runs as nobody, e.g., "make
>> sure user nobody has a valid shell"
>> could help.
> The nobody account must not have a login shell. This is fundamental UNIX
> (and especially NFS) security. Any test for a login shell for the nobody
> account is unnecessary; such tests must never return true results.
> Dimitri's suggestion to die if job's EUID == nobody is correct.

Perhaps "never return true" is too strong,
but in most cases, nobody will not have
a shell.