[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] job does not run
- Date: Tue, 18 Jun 2019 18:38:10 +0000
- From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] job does not run
On 6/18/2019 12:33 AM, Valerio Bellizzomi wrote:
> can we find a way to tell condor_startd to start as root and to launch
> programs as root ?
Assuming you install HTCondor via native distribution packaging (i.e.
via RPM, DEB) as described here:
your condor_startd will already be running as root by default. This is
so HTCondor can launch jobs as different users. BTW, unless you have a
good reason, using the native packages at the above link is definitely
the preferred route to install HTCondor.
However, even with the condor_startd running as root, currently HTCondor
is hard coded to never launch a job as user root (UID=0). There is
currently no configuration that will tell HTCondor otherwise. This fact
allows many system administrators to sleep better at night :).
If you really wanted, I you could explicitly work around this by giving
sudo access to whatever user accounts (uids) are being used to run jobs
on your machines. Then your job could use sudo to perform actions with
root access. With sudo, you could limit what actions jobs could perform
as root and also have audit logs available.