Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Wading into Windows HTCondor - what's the most important thing you wish you'd known?
- Date: Thu, 01 Sep 2016 18:32:12 +0000
- From: John M Knoeller <johnkn@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Wading into Windows HTCondor - what's the most important thing you wish you'd known?
If you ignore the issue with writing to the registry, then (I think) this is pretty small change to the code. A bit harder if you don't want to break the normal load_profile code path, but still not that hard.
The relevant code is in src/condor_utils/profile.WINDOWS.cpp and src/condor_starter.V6.1/os_proc.cpp
(look for owner_profile_.load () in os_proc.cpp)
We always run the profile loading code as LOCAL_SYSTEM, but I have no idea what level of privilege is actually needed to load your own profile.
-tj
-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Jens Schmaler
Sent: Thursday, September 1, 2016 1:03 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Wading into Windows HTCondor - what's the most important thing you wish you'd known?
Hi tj,
thanks for looking into this! I understand that HTCondor cannot prevent the job from writing to the registry. On the other hand: If a user chooses to run a job on his own behalf, he probably accepts that the job can do anything he himself could do, right? In this sense, if the user had the option of requiring "load_profile", this would sound acceptable to me.
Do you have a feeling of how difficult it would be to change this? I could even imagine to modify and compile my own version of HTCondor for this feature.
Another idea that comes to my mind: Shouldn't I have the permission to load my registry hive myself later, in the context of my jobs (e.g. by some kind of pre-script)?
Thanks and best regards,
Jens
Am 01.09.16 um 19:12 schrieb John M Knoeller:
> I did some digging on this one, and It appears that HTCondor doesn't
> load the registry for run-as-owner because we can't prevent the job
> from WRITING to the registry, nor do we have code to reset the
> registry back to its pre-job state.
>
> for condor-slot users we create a fresh registry from the default user
> for each job that requests load_profile, so for load_profile we have
> no need to clean out a registry.
>
> -tj
>
> -----Original Message----- From: HTCondor-users
> [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Jens Schmaler
> Sent: Thursday, September 1, 2016 11:22 AM To:
> HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx> Subject: Re:
> [HTCondor-users] Wading into Windows HTCondor - what's the most
> important thing you wish you'd known?
>
> Hi Michael,
>
> it may not be the most important, but one rather special thing comes
> to my mind here which still causes us a lot of headache and came as a
> surprise:
>
> If you need to run your jobs as owner (=submitting user), the windows
> registry hive of that user will not be loaded for the job session. If
> your jobs need registry access, you are in trouble. Unfortunately, it
> seems that there are currently no plans to change this, probably
> because it is a rather rare combination of requirements.
>
> Best, Jens
>
>
> Am 31.08.16 um 22:52 schrieb Michael V Pelletier:
>> Hello everyone,
>>
>> It's looking like I'm going to need to delve into the world of
>> Windows HTCondor, and I was wondering if any of you who've done so
>> before could offer suggestions on what the most important thing you
>> wish you'd known about that platform before starting?
>> Authentication / authorization items, file transfer and path
>> oddities, etc?
>>
>> Thanks!
>>
>> -Michael Pelletier. _
>>
>> _______________________________________________ HTCondor-users
>> mailing list To unsubscribe, send a message to
>> htcondor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You
>> can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/htcondor-users/
>>
> _______________________________________________ HTCondor-users mailing
> list To unsubscribe, send a message to
> htcondor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can
> also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
> _______________________________________________ HTCondor-users mailing
> list To unsubscribe, send a message to
> htcondor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can
> also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
>
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/