
Re: [HTCondor-users] jobs getting run as nobody



Hi Michael,

Depending on how new the version of condor you're running is, SUBMIT_REQUIREMENTS may be useful. (Think they were added end 8.3)

It doesn't protect against condor_qedit so you'd still need the periodic hold, but it would at least stop jobs entering with it on the schedd.

Cheers, Iain

On Feb 10, 2016, at 18:03, Michael V Pelletier <Michael.V.Pelletier@xxxxxxxxxxxx> wrote:

From: John M Knoeller <johnkn@xxxxxxxxxxx>
Date: 02/10/2016 10:46 AM
 
> Did You have

> STARTER_ALLOW_RUNAS_OWNER = TRUE
> On the execute side?

Speaking of which, is there a "starter_REQUIRE_runas_owner" knob? Under classified information systems every action on a system must be accountable to the individual who took the action, and thus far that's been easiest to accomplish by having jobs on exec nodes run under the submitters' accounts.

I've been using a system periodic hold based on runas_owner=false in the job ClassAd to enforce that, but if there's an easier way I haven't found it yet.

        -Michael Pelletier.
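
The two controls discussed in this thread, side by side, as an added example that is not part of the original messages or of the HTCondor project's own configuration. It assumes the job ClassAd attribute is RunAsOwner; the requirement name RunAsOwnerOnly and the reason text are made up for illustration.

```conf
# Schedd-side configuration on the submit host (constructed example).

# 1. Submit-time gate: refuse any job whose ad sets RunAsOwner to false.
#    =!= is the ClassAd "is not identical to" operator, so a job that
#    leaves RunAsOwner undefined still passes; only an explicit false fails.
#    TARGET. scopes the lookup to the job ad rather than the schedd ad.
SUBMIT_REQUIREMENT_NAMES = $(SUBMIT_REQUIREMENT_NAMES) RunAsOwnerOnly
SUBMIT_REQUIREMENT_RunAsOwnerOnly = (TARGET.RunAsOwner =!= false)
SUBMIT_REQUIREMENT_RunAsOwnerOnly_REASON = "RunAsOwner may not be false: jobs must run under the submitter's account."

# 2. Queue-time backstop: submit requirements are evaluated only when the
#    job enters the queue, so an attribute changed afterwards with
#    condor_qedit is not re-checked. The periodic hold is evaluated
#    repeatedly against each queued job and catches that case.
#    =?= is "is identical to", so an undefined RunAsOwner does not trigger it.
SYSTEM_PERIODIC_HOLD = (RunAsOwner =?= false)
```

Both expressions only police the job ad on the schedd; whether the starter actually runs the job as the owner still depends on STARTER_ALLOW_RUNAS_OWNER on the execute side, as quoted above.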