Re: [HTCondor-users] job does not run

[Todd Tannenbaum <tannenba@xxxxxxxxxxx>]

On 6/18/2019 12:33 AM, Valerio Bellizzomi wrote:
> Hi,
> can we find a way to tell condor_startd to start as root and to launch
> programs as root ?
> 
> Thanks.
> 

Assuming you install HTCondor via native distribution packaging (i.e. 
via RPM, DEB) as described here:

   https://research.cs.wisc.edu/htcondor/instructions/

your condor_startd will already be running as root by default.  This is 
so HTCondor can launch jobs as different users.  BTW, unless you have a 
good reason, using the native packages at the above link is definitely 
the preferred route to install HTCondor.

However, even with the condor_startd running as root, currently HTCondor 
is hard coded to never launch a job as user root (UID=0).  There is 
currently no configuration that will tell HTCondor otherwise.  This fact 
allows many system administrators to sleep better at night :).

If you really wanted, I you could explicitly work around this by giving 
sudo access to whatever user accounts (uids) are being used to run jobs 
on your machines.  Then your job could use sudo to perform actions with 
root access.  With sudo, you could limit what actions jobs could perform 
as root and also have audit logs available.

regards
Todd