[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Help on running HTCondor as root

On Fri, 16 Oct 2015, Greg Thain wrote:

Perhaps I'm missing something, but can you start Condor as a non-root user?

To the best of my understanding (as I don't know -yet- all the details of Tommaso's work) he *was* trying to run as a nonpriv user, but as he was accessing most of the system install via Parrot, the setuid-root bit in some of the system (or CMS) utilities was getting squashed, leading him to desperately try running with USER_FINAL==root.
I do believe that condor will staunchly prevent that...

However, back in 2009 I contributed into Parrot a nice patch to handle
a local overlay cache and that could become useful here. If the
Parrot mountfile (or equivalent -M option) has an entry that looks
lihe this:
/path/to/dir/of/suid/tools  lcache:/another/path/to/a/local/dir/with/a/few/suid/tool/shipped/with/the/job|/parrot/remote/path/to/dir/of/suid/tools

where /another/path/... points to a small tree (local to the VM running Condor) containing all and only the needed setuid-root utilities, this should do the trick. Specifying LOCAL in the Parrot mountfile can also help, but that gets applied to a full path, so would require to list all the setuid-root files.
There may be better ways, we'll try...

Francesco Prelz
INFN - Milan