[torqueusers] restore from checkpoint as root, isn't it security hole?

Anton Starikov ant.starikov at gmail.com
Tue Feb 23 10:20:25 MST 2010


I noticed that restart from checkpoint is performed as root user.
At least with scripts provided in torque manual.
And as result process runs with root ID.
I tried to play with sudo in script, but although is checkponts job correctly, i can't get it restored under non-root user.
Although if, I ssh to node as user and perfrom cr_restart it works, but from restore script it always complain than not enough permission to restore some pipes/fds. Erros like:

from cr_filp_reopen() while restoring external pipe#012- cr_restore_all_files [10581]:  Unable to restore fd 17 (type=4,err=-13)#012- cr_rstrt_child [10581]:  Unable to restore files!  (err=-13)#012Restart failed: Permission denied

What is the reason of current behavior and is there any way to restore as normal user?
I feel that giving users ability to run processes as root isn't best idea in terms of security and stability.

Anton.


More information about the torqueusers mailing list