Hi Santanu,
What is the advantage of this scheme?
cheers
alessandra
On Fri, 26 Jan 2007, Santanu Das wrote:
> Here we have created special user(s) for Condor to own and run the job.
> the policy is one user per CPU, namely condor_user1, condor_user2 and so
> on. So, whoever submits the job (and/or mapped to whatever pool user),
> when jobs go to execute nodes (WNs), jobs run as one of the
> condor_users. Below is the working directory of a ops job. Piotr Nyczyk
> mapped to ops004 here:
>
> Notice: 5: "/C=CH/O=CERN/OU=GRID/CN=Piotr Nyczyk 6217" mapped to ops004 (18004/2788)
> LCMAPS 6: 2007-01-26.09:03:53.882750.0000002525.0000003699 : lcmaps_plugin_posix_enf-log_cred(): uid=18004(ops004):pgid=2788(ops)
> Notice: 5: Authorized as local user: ops004
>
>
> and this is what we get on the WN the job is running.
>
> [root@farm002 ops004]# ll /home/ops004
> total 16
> drwx------ 5 condor_user1 cd677 4096 Jan 26 09:10 globus-tmp.farm002.31375.0
> drwx------ 2 condor_user1 cd677 4096 Jan 26 09:10 globus-tmp.farm002.31375.1
> drwx------ 2 condor_user1 cd677 4096 Jan 26 09:10 globus-tmp.farm002.31375.2
> drwxr-xr-x 10 condor_user1 cd677 4096 Jan 26 09:10 WMS_farm002_031845_https_3a_2f_2frb113.cern.ch_3a9000_2fr8p-iRllZxekprg55_5fECUQ
>
> condor_user1, condor_user2 etc. belong to the group cd677 (which is dedicated to condor_user) and the home directories are group writable.
>
> cheers,
> Santanu
>
>
>
> On Fri, 2007-01-26 at 06:34 +0000, Gordon, JC (John) wrote:
> > So who do the jobs run as? Who will own any files they create? How will
> > you keep track for audit purposes?
> >
> > John
> >
> > -----Original Message-----
> > From: Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Santanu Das
> > Sent: 26 January 2007 00:44
> > To: [log in to unmask]
> > Subject: pool accounts on WNs
> >
> > Hi all,
> >
> > I was doing some experiments with pool accounts and Condor here and I
> > ended up seeing that jobs can run pretty well on a WN only with the home
> > directory space (e.g. /home/atlas001 etc.) without having the actual
> > pool account on the node i.e. in the end, I deleted the pool account,
> > keeping only the home directory, and jobs were still fine; at lest for
> > atlas jobs, we didn't see any problem.
> >
> > Frederic (Brochu) I tried with couple of Atlas jobs and all of them
> > completed successfully. In fact, last couple of jobs from Steve Lloyd
> > finished that way too. (Steve, did you see any problem from your side?)
> >
> > Dose anybody know any possible side effect(s) of doing this? Or any
> > other suggestions/warnings from anybody?
> >
> > Cheers,
> > Santanu
> >
> >
> --
> Santanu Das <[log in to unmask]>
> HEP, Cavendish Laboratory
>
Alessandra Forti
NorthGrid Technical Coordinator
University of Manchester
|