[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

On 08/22/2013 01:05 PM, Todd Tannenbaum wrote:

> Maybe it would be best to get rid of HTCondor's use of user "nobody" in
> the first place. To do so would require giving HTCondor a range of
> UIDs/GIDs upon installation which could then be used to setup slot
> users...

I think there's 2 distinct issues: one is the use of "nobody" that makes
it impossible to ssh_to_job. You only need one UID to fix that.

The other is per-slot users. I'm not sure I buy the "trample over other
nobody's jobs' files" argument: if you sandbox each job properly in its
own per-pid (chroot'ed?) filespace, that should take some serious
effort, and you still have to have UID_DOMAIN or copy over /etc/passwd
files, and so on and so forth, -- but either way as long as none of
those users is "special", that shouldn't matter to condor_ssh_to_job.

Dimitri Maziuk
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachment: signature.asc
Description: OpenPGP digital signature