[X-Unix] Application 'launch-cache'...

Fri May 21 08:20:10 PDT 2004

On 19 May, 2004, at 20:26, luke wrote:
> i am still quite confused as to how this xgrid thing is supposed to 
> work if the agent is 99% powerless - permissions-wise...

There are two answers here. One if Xgrid is being run on a collection 
of unused "office machines" at night; and the other if Xgrid is being 
run on a dedicated group of machines.

For the group of office machines, think of SETI at home. Basically the 
machines (users) being used are willing to give up CPU cycles for the 
project, but not control of the machine. Consequently, there is very 
little which the agent is permitted to do. This is also for security 
issues. If the agent were cracked or hacked, then so is their machine.

In a dedicated cluster, you can make Xgrid run anyway you want to. You 
can turn off all permissions checking, run everybody as root, etc. (A 
dedicated cluster is one which is in a locked room and NOT connected to 
the Internet.)

Something like Xgrid is not assumed to be an "out-of-the-box," 
"the-user-is-really-stupid" kind of solution. There is an underlying 
assumption that you can "play dumb" and it will work as advertised when 
it installs "out-of-the-box" -- if you insist. But the parallel 
assumption is that anybody who is attempting to use this kind of 
software possesses "above average knowledge" about their systems and 
can make necessary modifications to allow "what they want to happen."

One thing which you could do if this is a dedicated cluster -- for any 
NON-boot device, you can do a "get info" on the volume and check the 
"ignore permissions for this volume" box under permissions. However, 
this is not a good idea in general. It is a major security issue.

As for the remotely launched application accessing something in 
/private/var/root -- that doesn't sound good period! Unless the 
application is actually running as root, there is NEVER a reason for it 
to access anything in root's home directory. This is true even on a 
stand-alone system. There is, or should not be, ANYTHING in 
/private/var/root that any user on the system would ever need to 
access.  Is the application installed correctly? If it is installed 
that way by the agent, that may be an actual bug.

Again, I don't know Xgrid itself, but one assumes that the agent is 
simply running as a daemon, and it's up to you to configure whatever it 
is that the daemon is going to do. Should it run as "nobody? An 
interesting question. I suspect that it should not. "Nobody" is 
intended as a way to prevent undefined things from defaulting to 
something defined. Most all "inter-system" communications programs 
define a special userid for themselves -- like CUPS, Mail or Apache. So 
this sounds like a configuration isssue.

One assumes that by now there is an Xgrid mailing list or discussion 
group someplace. (Apple has a mailing list, but no forum.) For what 
it's worth -- if you search for xgrid in the apple/support discussions, 
there are a couple of comments that software must be written 
specifically to use Xgrid. I have no idea what that means.

Also, keep in mind, Xgrid is still only an SDK - Software Developers 
Kit. Nominally, that means "This does what we expect it to do, but it 
probably won't do what you expect it to do!"

T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
# XP1000  [Alpha EV6]
magill at mcgillsociety.org
magill at acm.org
magill at mac.com