Re: [HTCondor-users] Permission issues



Hi Peter,

I just discussed this with a couple of the other developers here. Our guess is that because Centos 6 uses init to launch processes, and Centos 7 uses systemd, the latter probably has more restrictive default security settings.

What's the default umask value on your execute nodes? You can tell this by running "umask" from a terminal. I'm also using Centos 7 over here and the default value is 0022, which, based on my understanding, means that files by default are written with 755 permissions and hence cannot be written to by users who aren't owners.

A first thing to try would be to set your USER_JOB_WRAPPER configuration option to a shell script which sets the umask value to 0000 (umask 0000). This should write files to NFS with 777 permissions which then everybody can write to. If this works, you can then tweak it to the exact security settings you want.

Please give this a try and let us know. If that doesn't fix it we can look into other approaches.

Mark

On Tue, Aug 7, 2018 at 2:34 AM, Peter Ellevseth <Peter.Ellevseth@xxxxxxxxxx> wrote:

Gents, any thoughts?

Regards,

Peter

From: HTCondor-users <htcondor-users-bounces@cs.wisc.edu> On Behalf Of Peter Ellevseth
Sent: Wednesday 11 July 2018 10.25
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Permission issues

Hello all

I am having some difficulties with permissions when running jobs in condor. We are several users accessing the cluster, and I need files to be accessible by everyone. We have a main file-server and several worker-machines, accessing the file server via NFS. If I create some file (touch somefile) this gets correct permissions, and other users can write to it. If I use nfs4_getfacl I get permissions "rwatcy" as I expect. However, when I submit a job to condor, the files created there get permissions "rtcy", and as such are not writable by other users. Are there any settings in condor I need to set, in order to achieve this?

I have local config files per host, where the CONDOR_IDs are set to the condor user. Condor is started via systemctl. The condor user is not a member of the group that all the main users are; is that an issue? When I type "condor_status -master | grep Uid" I get "RealUid = 0" which tells me that condor is running as root and as such should have all permission, correct?

We have recently updated from Centos 6, and this problem arose when we updated to Centos 7. We are using condor version 8.6.11.

Regards,

Peter

Peter Ellevseth

Senior Safety Engineer / Senior sikkerhetsingeniør
Dir: +47 93 43 56 01 / Tel: +47 51 93 92 20 (Stavanger)
peter.ellevseth@xxxxxxxxxx
www.safetec.no



_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@cs.wisc.edu with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/



--
Mark Coatsworth
Systems Programmer
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin-Madison
+1 608 206 4703
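
An added example, not part of the original thread and not HTCondor's own code: it shows which modes files and directories end up with when a wrapper of the kind suggested above sets the umask before running the job, comparing 0022, 0002 and 0000. The function names are hypothetical, and GNU `stat -c` (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example: effect of a umask set by a USER_JOB_WRAPPER-style script on
# the modes of files and directories a job creates.
# Assumption: GNU coreutils stat (stat -c %a), as on CentOS.

# Hypothetical wrapper body: set the umask, then run the job's command line.
# A real wrapper script would end with `exec "$@"` so the job replaces the
# shell; a subshell is used here so the demonstration can keep running.
job_wrapper() {
    wrapper_umask=$1; shift
    ( umask "$wrapper_umask" && "$@" )
}

# Create a file or directory under the given umask and print its octal mode.
mode_under_umask() {
    mask=$1
    kind=$2
    scratch=$(mktemp -d) || return 1
    if [ "$kind" = dir ]; then
        job_wrapper "$mask" mkdir "$scratch/out"
    else
        job_wrapper "$mask" touch "$scratch/out"
    fi
    stat -c %a "$scratch/out"
    rm -rf "$scratch"
}

# Compare the CentOS 7 default (0022) with group-writable (0002) and
# world-writable (0000) settings.
for mask in 0022 0002 0000; do
    printf 'umask %s: file=%s dir=%s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
done
```

With 0002, new files stay writable by the owning group without becoming world-writable, which is the narrower setting to try once 0000 has confirmed that the umask is the cause.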