Re: [HTCondor-users] Changing condor_submit generated file owner/permissions

[Max Fischer <mfischer@xxxxxxxxxxxxxxxxxxxx>]

Hi,

yes, the shared disk is mounted with root-squash. Condor master is 
running as user condor. We have two use cases now:

We did run solely with condor_submit -remote for a couple months and 
this worked flawlessly.
We recently started experimenting with ssh based Remote Condor and 
encountered the problem mentioned. This is mainly motivated by a tool in 
use by the collaboration only supporting ssh based remote access but 
also by the goal of providing access without any need for local condor 
tools.

So far, we are experimenting in how far we can actually benefit from the 
shared file system/user space and in how far it simply complicates matters.

Cheers,
Max

On 02/06/2013 04:31 PM, Todd Tannenbaum wrote:
> On 2/6/2013 3:49 AM, Max Fischer wrote:
> > Hi,
> >
> > we've been running a condor pool with user access through condor's
> > inbuilt -remote functionality and would now like to expand its access to
> > ssh/gsissh based on Remote HTCondor. The problem we are facing is due to
> > the fact that we can't have condor running as true root for our shared
> > disk nor do the user accounts share the same user group as condor (the
> > user database is imported with LDAP and we can't add condor to it).
> > When submitting a job as a regular user, condor_submit will pre-create
> > the expected output files with the user persona. With both the default
> > condor_submit and setgid condor_submit, these are not accessible by
> > condor. Is there a way to prevent condor_submit from creating the files
> > and have the condor daemons create them when they have to?
>
> I believe you can disable this behavior of condor_submit by adding the 
> following line to your job submit file:
>
>   skip_filechecks = true
>
> Having answered that, I still do not understand the motivating 
> problem. Do I understand the above correctly:
>   1. you are doing a condor_submit -remote to some server machine 
> where the schedd is running
>   2. the schedd machine has a shared file system mounted, and it is 
> mounted with root-squash such that processes running with effective 
> uid of root have no read/write access
>
> Now, on the server where the schedd is running, was the condor_master 
> process started as root?  If so, seems to me like everything should 
> work, and I don't understand the difficulties you are encountering, 
> because the HTCondor daemons should only attempt to read/write files 
> like job stdout/err as the submiting user (not as user root).  If the 
> condor_master process is not started as root (but started as user 
> condor for instance), then I understand your problems above.
>
> regards,
> Todd
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx 
> with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/