[GE users] Only root can submit jobs

Christian Bolliger christian.bolliger at id.unizh.ch
Mon Nov 29 09:24:22 GMT 2004 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]

You are right:

ps -e f -o user,ruser,command | grep sge
sgeadmin root     /opt/gridengine/bin/lx26-amd64/sge_execd
sgeadmin root      \_ sge_shepherd-94 -bg

The problem lies within the daemon which writes as user into
$SGE_ROOT/$SGE_CELL/spool/<node>/active_jobs

ls -l /opt/gridengine/matterhorn/spool/node0217a/active_jobs/*
total 88
-rw-r--r--  1 sgeadmin sge    6 Nov 29 10:16 addgrpid
-rw-r--r--  1 sgeadmin sge 1535 Nov 29 10:16 config
-rw-r--r--  1 sgeadmin sge 1141 Nov 29 10:16 environment
-rw-r--r--  1 chribo   sge    0 Nov 29 10:16 error
-rw-r--r--  1 chribo   sge    0 Nov 29 10:16 exit_status
-rw-r--r--  1 sgeadmin sge    6 Nov 29 10:16 job_pid
-rw-r--r--  1 sgeadmin sge   81 Nov 29 10:16 pe_hostfile
-rw-r--r--  1 sgeadmin sge    6 Nov 29 10:16 pid
-rw-r--r--  1 chribo   sge 2012 Nov 29 10:16 trace

But I stick with the setuid until the problem is solved (cluster behind 
fw, the users are known).

Thanks

Christian


Reuti wrote:

>Quoting Christian Bolliger <christian.bolliger at id.unizh.ch>:
>
>  
>
>>The normal init scripts starts  sge_execd as admin user which shouldn't 
>>be root.
>>Starting it with the setuid seems to be a slightly smaller risk.
>>    
>>
>
>Wouldn't this allow any user to start another execd with root rights? And: 
>execd will switch the user to the admin user, hence:
>
>$ ps -e f -o user,ruser,command
>
>may give you this:
>
>sgeadmin root     /usr/sge/bin/lx26-x86/sge_execd
>
>
>Cheers - Reuti
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>For additional commands, e-mail: users-help at gridengine.sunsource.net
>  
>


-- 
=============================================================================
Christian Bolliger                 
IT Services                      | http://www.id.unizh.ch/
Central Systems / HPC   	 | http://www.matterhorn.unizh.ch/
University of  Zuerich           | E-Mail: christian.bolliger at id.unizh.ch
Winterthurerstr. 190             | Tel: +41 (0)1 63 56775
CH-8057 Zuerich; Switzerland     | Fax: +41 (0)1 63 54505
Mime/S CA:                https://www.ca.unizh.ch/client/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net

More information about the gridengine-users mailing list