Mailing List Archives
Public Access
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Different groupids on submit host and execute node possible ?
- Date: Fri, 29 Jul 2016 12:52:01 -0500
- From: Brian Bockelman <bbockelm@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Different groupids on submit host and execute node possible ?
Hi Yves,
Hereâs what I would do if it were my site:
1) Write a small setuid program and add it to the USER_JOB_WRAPPER. Have it pick from one of the available group names based on the group name in the ClassAd, then execute the program with the appropriate UID / GID.
- Have the group name recorded at submit time.
- I donât know what issues you ran into originally, but it should be able to get this to work reliably.
2) Engage with the HTCondor team for a longer-term solution. Now is an opportune time. They are currently working on the basic primitives for modeling group membership in HTCondor on the schedd side: it would make a ton of sense to think what group membership means on the execute side as well!
Brian
> On Jul 28, 2016, at 10:33 AM, Yves Kemp <yves.kemp@xxxxxxx> wrote:
>
> Hi Brian,
>
> the intended use is the following:
> We have many users that work in different projects.
> Each project has its own work-group-server where people develop code, test, and submit jobs.
> Each project also has its own NFS server/space where people within the project share files.
>
> It has turned out that people are very bad at setting or changing appropriate group ownerships of their files.
> So, they write files, the files belong to their primary group, even if this is not the project they intended.
> We have tried the SETGID bit on filesystem level, but it turned out this did not work reliably.
>
> We currently have a system where the primary group is set at login time via SSSD on the work-group-server.
> The current batch system (still SoGE) takes the primary group id used at submit time to execute the job.
>
> Best,
>
> Yves
>
>> On 27 Jul 2016, at 21:03, Brian Bockelman <bbockelm@xxxxxxxxxxx> wrote:
>>
>> Hi Christoph,
>>
>> I canât think of any clean HTCondor way to do this. The GID is always taken from the worker node.
>>
>> That said, you might be able to write a small executable with the CAP_SETGID file capability, then add this to your siteâs USER_JOB_WRAPPER.
>>
>> Can you describe the use case a bit more? We might be able to come up with a workaround that doesnât require this...
>>
>> Brian
>>
>>> On Jul 27, 2016, at 5:14 AM, Beyer, Christoph <christoph.beyer@xxxxxxx> wrote:
>>>
>>>
>>> Hi,
>>>
>>> I am looking for a solution that will allow to ignore the primary gid of the jobowner on the executenode and use the 'active'/different gid the user had at submit time on the submit host.
>>>
>>> Is there a knob for that ?
>>>
>>> best regards
>>> ~christoph
>>>
>>>
>>> --
>>> /* Christoph Beyer | Office: Building 2b / 23 *\
>>> * DESY | Phone: 040-8998-2317 *
>>> * - IT - | Fax: 040-8994-2317 *
>>> \* 22603 Hamburg | http://www.desy.de */
>>> _______________________________________________
>>> HTCondor-users mailing list
>>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>>> subject: Unsubscribe
>>> You can also unsubscribe by visiting
>>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>>
>>> The archives can be found at:
>>> https://lists.cs.wisc.edu/archive/htcondor-users/
>>
>>
>> _______________________________________________
>> HTCondor-users mailing list
>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/htcondor-users/
>
> # Dr. Yves Kemp
> # Desy IT # room 2b/008
> # Notkestr. 85 # D-22607 Hamburg
> # Fon: +49-(0)40-8998-2318 # Fax: +49-(0)40 8994-2318
>
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/