[torqueusers] restore from checkpoint as root, isn't it security hole?
ant.starikov at gmail.com
Tue Feb 23 10:20:25 MST 2010
I noticed that restart from checkpoint is performed as root user.
At least with scripts provided in torque manual.
And as result process runs with root ID.
I tried to play with sudo in script, but although is checkponts job correctly, i can't get it restored under non-root user.
Although if, I ssh to node as user and perfrom cr_restart it works, but from restore script it always complain than not enough permission to restore some pipes/fds. Erros like:
from cr_filp_reopen() while restoring external pipe#012- cr_restore_all_files : Unable to restore fd 17 (type=4,err=-13)#012- cr_rstrt_child : Unable to restore files! (err=-13)#012Restart failed: Permission denied
What is the reason of current behavior and is there any way to restore as normal user?
I feel that giving users ability to run processes as root isn't best idea in terms of security and stability.
More information about the torqueusers