[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Error trying to set Owner attribute to Computing On Demand (COD) job.



Dear John,

Is it possible to overcome this limitation somehow? Actually, we are building and app which uses HT Condor as a calculation runtime and all appâs services (read HT Condo clients) always run from a single user âserverâ. We need to somehow impersonate real cluster users when we do requests to HT Condor. We succeeded in this with vanilla and universe jobs. Isnât this possible with COD tasks?

All the best,
Alexander A. Prokhorov



On 8 Aug 2019, at 21:33, John M Knoeller <johnkn@xxxxxxxxxxx> wrote:

You must set the Owner attribute to the same username that your python script is running as, anything else
would be a security violation
 
-tj
 
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of don_vanchos
Sent: Thursday, August 8, 2019 11:15 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Error trying to set Owner attribute to Computing On Demand (COD) job.
 
Hello,
 
I am using python API for COD jobs and simple example is:
claim = htcondor.Claim(slot_ad)
claim.requestCOD()
job = {
"Cmd": "/bin/echo",
"JobUniverse": 5,
"Iwd": "/some/dir",
"Out": "test.out",
"Err": "test.err",
"StarterUserLog": "test.log",
"Owner": "user101",
"Args": "hello world",
}
claim.activate(job)

After that I get the following error (from `htcondor.enable_debug()`):
```
08/08/19 15:39:29 (fd:4) (pid:6314) (D_HOSTNAME) IsLocal: N, IdStr: startd at <192.168.128.6:9618>, Error: Owner specified in ClassAd as 'user101' yet request sent by user 'rootusr', possible security attack, request refused!
```

How can I make a cod-job run from a specific user? If I cannot make activation from another user, what is the effect of the `Owner` attribute?
 

My settings:
QUEUE_SUPER_USERS = $(QUEUE_SUPER_USERS) rootusr
VALID_COD_USERS = $(QUEUE_SUPER_USERS)
 
-- 
Sincerely yours,
Ivan Ergunov                                                 mailto:hozblok@xxxxxxxxx
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/