[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Changing condor_submit generated file owner/permissions

On 2/6/2013 3:49 AM, Max Fischer wrote:

we've been running a condor pool with user access through condor's
inbuilt -remote functionality and would now like to expand its access to
ssh/gsissh based on Remote HTCondor. The problem we are facing is due to
the fact that we can't have condor running as true root for our shared
disk nor do the user accounts share the same user group as condor (the
user database is imported with LDAP and we can't add condor to it).
When submitting a job as a regular user, condor_submit will pre-create
the expected output files with the user persona. With both the default
condor_submit and setgid condor_submit, these are not accessible by
condor. Is there a way to prevent condor_submit from creating the files
and have the condor daemons create them when they have to?

I believe you can disable this behavior of condor_submit by adding the following line to your job submit file:

  skip_filechecks = true

Having answered that, I still do not understand the motivating problem. Do I understand the above correctly: 1. you are doing a condor_submit -remote to some server machine where the schedd is running 2. the schedd machine has a shared file system mounted, and it is mounted with root-squash such that processes running with effective uid of root have no read/write access

Now, on the server where the schedd is running, was the condor_master process started as root? If so, seems to me like everything should work, and I don't understand the difficulties you are encountering, because the HTCondor daemons should only attempt to read/write files like job stdout/err as the submiting user (not as user root). If the condor_master process is not started as root (but started as user condor for instance), then I understand your problems above.