Tokens used for daemon authentication should be readable only by root

Description

When HTCondor daemons access or create tokens (in /etc/condor/tokens.d), they do so as user "condor". This patch will switch to using root instead, resulting in these tokens being readable only by root. This makes tokens match the security model used by all other credential mechanisms, such as pool password or SSL host certs.
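A check an administrator could run against the token directory, as an added example (not HTCondor's own code): it lists token files that are not owned by the expected UID or that carry any group/other permission bits. The function name `audit_tokens` and its arguments are hypothetical, and the script assumes GNU find on Linux.

```shell
#!/bin/sh
# Added example: audit a token directory so that every regular file is
# owned by the expected UID (root by default) and has no group/other bits.
# Assumptions: GNU find (-perm /MODE, -printf); names here are illustrative.

# audit_tokens [DIR] [OWNER_UID]
#   prints one line per offending file
#   returns 0 = clean, 1 = findings, 2 = directory missing
audit_tokens() {
    dir=${1:-/etc/condor/tokens.d}
    owner_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "audit_tokens: no such directory: $dir" >&2
        return 2
    fi

    # A file is flagged when it is owned by someone other than the expected
    # UID (for example "condor", the old behavior) OR when any of the
    # group/other permission bits (octal 077) are set.
    findings=$(
        find "$dir" -type f \
            \( ! -uid "$owner_uid" -o -perm /077 \) \
            -printf '%p owner_uid=%U mode=%m\n'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly with arguments, e.g.:  sh audit_tokens.sh /etc/condor/tokens.d 0
if [ "$#" -gt 0 ]; then
    audit_tokens "$@"
fi
```

Files flagged with a non-zero `owner_uid` are typically tokens created before the change or re-owned by hand; reading the directory requires running the check as root.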

Activity

Todd Tannenbaum
March 24, 2021, 3:29 PM

Issues in code review addressed (i.e. docs updated), resolving.

Tim Theisen
March 22, 2021, 10:33 AM

Code review: Looks good. Doesn't this require at least a version history entry, since observable behavior has changed and admins may set the ownership to condor based on past experience?

Assignee

Todd Tannenbaum