
Re: [HTCondor-users] Permission issues



Mark

 

Thank you for replying.

 

My default umask seems to be 0002, which is a bit confusing since, as you say, this is not the default for Centos 7.

 

I have changed the worker nodes to mount using nfs version 3 for the time being. This has solved the issue. I will try out your suggestion later with USER_JOB_WRAPPER and version 4 for NFS.

 

Regards,

Peter

 

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Mark Coatsworth
Sent: Wednesday 8 August 2018 23.46
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Permission issues

 

Hi Peter,

 

I just discussed this with a couple of the other developers here. Our guess is that because Centos 6 uses init to launch processes, and Centos 7 uses systemd, the latter probably has more restrictive default security settings.

 

What's the default umask value on your execute nodes? You can tell this by running "umask" from a terminal. I'm also using Centos 7 over here and the default value is 0022, which based on my understanding, means that files by default are written with 755 permissions and hence cannot be written to by users who aren't owners.

 

A first thing to try would be to set your USER_JOB_WRAPPER configuration option to a shell script which sets the umask value to 0000 (umask 0000). This should write files to NFS with 777 permissions which then everybody can write to. If this works, you can then tweak it to the exact security settings you want.

 

Please give this a try and let us know. If that doesn't fix it we can look into other approaches.

 

Mark

 

On Tue, Aug 7, 2018 at 2:34 AM, Peter Ellevseth <Peter.Ellevseth@xxxxxxxxxx> wrote:

Gents, any thoughts?

 

Regards,

Peter

 

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Peter Ellevseth
Sent: Wednesday 11 July 2018 10.25
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Permission issues

 

Hello all

 

I am having some difficulties with permissions when running jobs in condor. We are several users accessing the cluster, and I need files to be accessible by everyone. We have a main file-server and several worker-machines, accessing the file server via NFS. If I create some file (touch somefile) this gets correct permissions, and other users can write to it. If I use nfs4_getfacl I get permissions "rwatcy" as I expect. However, when I submit a job to condor, the files created there get permissions "rtcy", and as such are not writable by other users. Are there any settings in condor I need to set, in order to achieve this?

 

I have local config files per host, where the CONDOR_IDs are set to the condor user. Condor is started via systemctl. The condor user is not a member of the group that all the main users are in; is that an issue? When I type "condor_status -master | grep Uid" I get "RealUid = 0" which tells me that condor is running as root and as such should have all permissions, correct?

 

We have recently updated from Centos 6, and this problem arose when we updated to Centos 7. We are using condor version 8.6.11.

 

Regards,

Peter

 


Peter Ellevseth

Senior Safety Engineer / Senior sikkerhetsingeniør
Dir: +47 93 43 56 01 / Tel: +47 51 93 92 20 (Stavanger)
peter.ellevseth@xxxxxxxxxx
www.safetec.no



 





 

--

Mark Coatsworth

Systems Programmer

Center for High Throughput Computing

Department of Computer Sciences

University of Wisconsin-Madison

+1 608 206 4703
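
The USER_JOB_WRAPPER approach suggested in the thread, as an added example that is not part of any message above: it generates a wrapper for a given umask and reports the modes that a job's new file and directory receive, so a group-writable setting (0002) can be compared with a world-writable one (0000) before choosing. The function names, the paths and the sample "job" are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and paths are hypothetical, not from the thread.
# HTCondor configuration would point at the generated script, e.g.:
#   USER_JOB_WRAPPER = /path/to/wrapper.sh   (placeholder path)

# write_wrapper PATH UMASK: emit a job wrapper that sets the umask and then
# execs the real job, which HTCondor passes as the wrapper's arguments.
write_wrapper() {
    cat > "$1" <<EOF
#!/bin/sh
umask $2
exec "\$@"
EOF
    chmod 755 "$1"
}

# modes_under WRAPPER: run a constructed job through the wrapper that creates
# one file and one directory, then print their octal modes as "FILE DIR".
modes_under() {
    work=$(mktemp -d) || return 1
    sh "$1" sh -c 'touch "$0/out.dat"; mkdir "$0/outdir"' "$work"
    echo "$(stat -c %a "$work/out.dat") $(stat -c %a "$work/outdir")"
    rm -rf "$work"
}

# compare_umasks: print the resulting modes for the three masks discussed.
compare_umasks() {
    tmp=$(mktemp -d) || return 1
    for mask in 0022 0002 0000; do
        write_wrapper "$tmp/wrapper_$mask.sh" "$mask"
        echo "umask $mask -> file/dir modes: $(modes_under "$tmp/wrapper_$mask.sh")"
    done
    rm -rf "$tmp"
}

compare_umasks
```

With a shared group on the output directory, 0002 gives group members write access without also opening the files to every account on the NFS export, which 0000 does.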