Re: [HTCondor-users] jobs getting run as nobody



From: John M Knoeller <johnkn@xxxxxxxxxxx>
Date: 02/10/2016 10:46 AM
 
> Did you have
> STARTER_ALLOW_RUNAS_OWNER = TRUE
> on the execute side?

Speaking of which, is there a "starter_REQUIRE_runas_owner" knob? Under classified information systems every action on a system must be accountable to the individual who took the action, and thus far that's been easiest to accomplish by having jobs on exec nodes run under the submitters' accounts.

I've been using a system periodic hold based on runas_owner=false in the job ClassAd to enforce that, but if there's an easier way I haven't found it yet.

        -Michael Pelletier.