
[HTCondor-users] HTCondor User Able to Log In



From the HTCondor documentation:

"Note that the user condor must not be an account into which a person can log in. If a person can log in as user condor, it permits a major security breach, in that the user condor could submit jobs that run as any other user, providing complete access to the user's data by the jobs. A standard way of not allowing log in to an account on Unix platforms is to enter an invalid shell in the password file."

I am unable to use the condor due to issues with the AFS file sharing system and the problem that only one user per machine can mount a network drive. Therefore, when I set up a user condor and do not permit them to log in, then start the condor daemons as root, when the condor daemon tries to access the mounted network drives as the user 'condor' it is unable to because they were mounted as a different user.

I would like to just have condor run as the user that mounts the drives. Is it ok that this account can be logged into? Why is this a major security breach and how can I make this type of setup secure?

Thanks!

Mike