[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] jobs getting run as nobody
- Date: Wed, 10 Feb 2016 17:10:25 +0000
- From: Iain Bradford Steers <iain.steers@xxxxxxx>
- Subject: Re: [HTCondor-users] jobs getting run as nobody
Depending how new the version of condor youâre running is. SUBMIT_REQUIREMENTS may be useful. (Think they were added end 8.3)
It doesnât protect against condor_qedit so youâd still need the periodic hold, but it would at least stop jobs entering with it on the schedd.
From: John M Knoeller <johnkn@xxxxxxxxxxx>
Date: 02/10/2016 10:46 AM
> Did You have
> STARTER_ALLOW_RUNAS_OWNER = TRUE
> On the execute side?
Speaking of which, is there a "starter_REQUIRE_runas_owner"
knob? Under classified information systems every action on a system must
be accountable to the individual who took the action, and thus far that's
been easiest to accomplish by having jobs on exec nodes run under the submitters'
I've been using a system periodic hold based on runas_owner=false
in the job ClassAd to enforce that, but if there's an easier way I haven't
found it yet.
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx
You can also unsubscribe by visitinghttps://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
Description: S/MIME cryptographic signature