
Re: [HTCondor-users] How to run jobs as root

On Mon, Nov 03, 2014 at 10:31:39AM -0500, Rich Pieri wrote:
> On 11/3/14 12:03 AM, Abhay Dandekar wrote:
> > Also, is there any way to by submission of jobs via non-root. Idea
> > being, if the job is submitted via root, the job will be executed as root.

HTCondor currently has a number of mechanisms and checks to make sure that jobs
are not launched as root, as long ago it was decided that this was the safest
thing to do.

However, there are valid reasons for wishing to do so, for example launching
virtual machines.  But at the moment there is no way to have HTCondor launch
a job as root.

My suggestion is something along the lines of:
  1) Create a regular user, such as "croot" that has regular user privs
  2) Submit your root jobs as that user.
  3) Create a USER_JOB_WRAPPER that *CAREFULLY* checks to see if it's running
     as "croot" and uses a setuid executable to escalate to root priv before
     running the actual job.
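
The following sketch of the setuid helper from step 3 is an added example, not part of the original message and not HTCondor code. It assumes the helper is installed root-owned and setuid, and that the USER_JOB_WRAPPER passes the job's absolute path and arguments to it; only the account name "croot" comes from the post, while the function name, messages and exit codes are hypothetical.

```c
/* Added example: setuid-root helper for step 3. Only "croot" comes from the
 * post; the function name and exit codes are assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define ALLOWED_USER "croot"
extern char **environ;

/* Decide from the REAL uid (who invoked us), never from $USER or argv.
 * Returns 1 only when every check passes. */
int may_escalate(uid_t ruid, const struct passwd *allowed, const char *job)
{
    if (allowed == NULL || job == NULL)
        return 0;                    /* account missing: fail closed */
    if (allowed->pw_uid == 0)
        return 0;                    /* "croot" must be an unprivileged account */
    if (ruid != allowed->pw_uid)
        return 0;                    /* caller is some other user */
    if (job[0] != '/')
        return 0;                    /* absolute path only, no PATH search */
    return 1;
}

int main(int argc, char **argv)
{
    static char *clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    if (argc < 2 || !may_escalate(getuid(), getpwnam(ALLOWED_USER), argv[1])) {
        fprintf(stderr, "root-launch: refused for uid %ld\n", (long)getuid());
        return 77;
    }
    environ = clean_env;             /* drop LD_*, IFS, etc. from the caller */
    /* Become root fully, groups first, and check every call. */
    if (setgroups(0, NULL) != 0 || setgid(0) != 0 || setuid(0) != 0) {
        perror("root-launch: cannot switch to root");
        return 71;
    }
    execv(argv[1], &argv[1]);        /* replaces this process on success */
    perror("root-launch: execv");
    return 126;
}
```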