
Re: [HTCondor-users] Help on running HTCondor as root



On Fri, 16 Oct 2015, Greg Thain wrote:

Perhaps I'm missing something, but can you start Condor as a non-root user?

To the best of my understanding (as I don't know -yet- all the details of Tommaso's work) he *was* trying to run as a nonpriv user, but as he was accessing most of the system install via Parrot, the setuid-root bit in some of the system (or CMS) utilities was getting squashed, leading him to desperately try running with USER_FINAL==root.
I do believe that condor will staunchly prevent that...

However, back in 2009 I contributed into Parrot a nice patch to handle
a local overlay cache and that could become useful here. If the
Parrot mountfile (or equivalent -M option) has an entry that looks
like this:
/path/to/dir/of/suid/tools  lcache:/another/path/to/a/local/dir/with/a/few/suid/tool/shipped/with/the/job|/parrot/remote/path/to/dir/of/suid/tools

where /another/path/... points to a small tree (local to the VM running Condor) containing all and only the needed setuid-root utilities, this should do the trick. Specifying LOCAL in the Parrot mountfile can also help, but that gets applied to a full path, so would require listing all the setuid-root files.
There may be better ways, we'll try...

Francesco Prelz
INFN - Milan
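
The message above asks for a local tree holding "all and only" the needed setuid-root utilities. The following is an added example, not part of the original message or of Parrot/HTCondor, showing one way to check such a tree before mounting it; the function name audit_overlay, the allow-list and the file names tool_a, tool_b and helper.sh are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

WRITABLE = stat.S_IWGRP | stat.S_IWOTH


def audit_overlay(root, allowed, owner_uid=0):
    """Return sorted (path, problem) pairs; an empty list means the tree under
    `root` holds all and only the setuid tools in `allowed` (relative paths)."""
    findings, seen = [], set()
    if os.lstat(root).st_mode & WRITABLE:
        findings.append((".", "writable by group or other"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the tree
            if not (stat.S_ISDIR(st.st_mode) or stat.S_ISREG(st.st_mode)):
                findings.append((rel, "not a regular file or directory"))
                continue
            if st.st_mode & WRITABLE:
                findings.append((rel, "writable by group or other"))
            if stat.S_ISDIR(st.st_mode):
                continue
            seen.add(rel)
            if rel not in allowed:
                findings.append((rel, "not on the allow-list"))
            if not st.st_mode & stat.S_ISUID:
                findings.append((rel, "setuid bit not set"))
            if st.st_uid != owner_uid:
                findings.append((rel, "unexpected owner"))
    findings += [(rel, "listed but missing") for rel in set(allowed) - seen]
    return sorted(findings)


def demo():
    """Audit a constructed tree: one expected tool, one stray file, one missing."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"), 0o755)
        for name, mode in (("tool_a", 0o4755), ("helper.sh", 0o644)):
            path = os.path.join(root, "bin", name)
            open(path, "w").close()
            os.chmod(path, mode)
        # The demo files belong to the current user, so pass that uid;
        # a real check keeps the default owner_uid=0 (root).
        return audit_overlay(root, {"bin/tool_a", "bin/tool_b"}, os.getuid())


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```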