[torqueusers] Why does torque require pbs_mom/pbs_server be run as root?

skip at pobox.com skip at pobox.com
Fri Jul 16 14:26:59 MDT 2010


    Craig> How about this: No process should be run as root unless it needs
    Craig> to.  There is no reason that Torque should have to be root if it
    Craig> is only being used by a single user.

I agree with Craig.  I don't know the rationale behind using a low-numbered
port for communication between pbs_server and pbs_mom processes, but if you
can use a port > 1023 (I think that's the "low-numbered port" boundary) for
communication and that's the only reason you're running as root, then I
think there should be no restriction on running Torque stuff as a
non-privileged user.  Just adjust the port up.

If anything, running code as root is more of a security risk than running it
as a less privileged user.  Unless I am willing to spend a lot of time
inspecting the Torque code I take it largely on faith that there are no
security risks in the code.  If the code does contain an exploitable hole
the odds that it is catastropic are much lower if the code does not run as
root.

-- 
Skip Montanaro - skip at pobox.com - http://www.smontanaro.net/


More information about the torqueusers mailing list