On 05/16/2017 02:17 PM, Zhuo Zhang wrote:
Another finding is that inside the docker container, whoami shows I am root. But when the docker image is sent to condor, whoami shows my user id, not root's. This caused some permission denied issues.
For security reasons, HTCondor will launch the process in the docker container as a non-root user. There are still concerns that a root process within the container could break out and get to root on the host machine. There are ways in condor to allow docker universe jobs to run with privileges, but we'd advise most user jobs to run as non-root.
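
Added example, not part of the original message and not HTCondor's own code: a preflight an image's entrypoint can run so the job fails early with a clear message when it is started as a non-root uid, as described above, instead of hitting permission denied partway through. The function names and the `JOB_WRITE_DIRS` variable are hypothetical; `_CONDOR_SCRATCH_DIR` is assumed to be set in the job environment by HTCondor.

```shell
#!/bin/sh
# Preflight for a job that may run as root (plain "docker run") or as an
# arbitrary non-root uid (when HTCondor launches the container).

# Print the effective uid this process is running as.
current_uid() { id -u; }

# Print every argument that is not an existing directory writable by this uid.
unwritable_dirs() {
    for d in "$@"; do
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Print the first candidate that is an existing, writable directory.
pick_workdir() {
    for d in "$@"; do
        if [ -n "$d" ] && [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Return non-zero and explain on stderr if any required directory is unusable.
preflight() {
    bad=$(unwritable_dirs "$@")
    if [ -n "$bad" ]; then
        echo "uid $(current_uid) cannot write to:" >&2
        printf '%s\n' "$bad" >&2
        echo "make these writable for any uid in the image, or write to the scratch directory" >&2
        return 1
    fi
    return 0
}

# Runs only when JOB_WRITE_DIRS (hypothetical, space-separated list) is set.
if [ -n "${JOB_WRITE_DIRS:-}" ]; then
    # Word splitting of the list is intended here.
    preflight $JOB_WRITE_DIRS || exit 1
    # Prefer the scratch directory over paths baked into the image.
    cd "$(pick_workdir "${_CONDOR_SCRATCH_DIR:-}" "${TMPDIR:-/tmp}")" || exit 1
fi
```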