Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] How to run jobs as root

Date: Mon, 3 Nov 2014 09:53:59 -0600
From: Zachary Miller <zmiller@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] How to run jobs as root

On Mon, Nov 03, 2014 at 10:31:39AM -0500, Rich Pieri wrote:
> On 11/3/14 12:03 AM, Abhay Dandekar wrote:
> > Also, is there any way to by submission of jobs via non-root. Idea
> > being, if the job is submitted via root, the job will be executed as root.

HTCondor currently has a number of mechanisms and checks to make sure that jobs
are not launched as root, as long ago it was decided that this was the safest
thing to do.

However, there are valid reasons for wishing to do so, for example launching
virtual machines.  But at the moment there is no way to have HTCondor launch
a job as root.

My suggestion is something along the lines of:
  1) Create a regular user, such as "croot" that has regular user privs
  2) Submit your root jobs as that user.
  3) Create a USER_JOB_WRAPPER that *CAREFULLY* checks to see if it's running
     as "croot" and uses a setuid executable to escalate to root priv before
     running the actual job.

Cheers,
-zach

Follow-Ups:
- Re: [HTCondor-users] How to run jobs as root
  - From: Rich Pieri

References:
- [HTCondor-users] How to run jobs as root
  - From: Abhay Dandekar
- Re: [HTCondor-users] How to run jobs as root
  - From: Rich Pieri

Prev by Date: [HTCondor-users] Getting DAG node to fail on file transfer error
Next by Date: Re: [HTCondor-users] Getting DAG node to fail on file transfer error
Previous by thread: Re: [HTCondor-users] How to run jobs as root
Next by thread: Re: [HTCondor-users] How to run jobs as root
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] How to run jobs as root