Opened 7 years ago

Closed 7 years ago

#1456 closed defect (fixed)

min_uid and min_gid apply to prefix users of prolog

Reported by: wish Owned by: Dave Love <d.love@…>
Priority: normal Milestone:
Component: sge Version: 6.2u3
Severity: minor Keywords:
Cc:

Description

Setting min_uid and min_gid prevents sge_execd from running a prolog as a user with a uid or gid below this value using the user@ prefix. This can be worked around (eg by running it as a special user with uid/gid above the threshold and using sudo to switch to the desired user) it is unexpected and adds a difficulty for no real security gain. The effect of this failure to run the prolog seems to be to push the job back on to the queue.

The same problem probably applies to the epilog.

Change History (2)

comment:1 Changed 7 years ago by wish

Failure to run prolog puts queue in an error state.

comment:2 Changed 7 years ago by Dave Love <d.love@…>

  • Owner set to Dave Love <d.love@…>
  • Resolution set to fixed
  • Status changed from new to closed

In 4500/sge:

Fix #1456: Ignore min_uid, min_gid when running prolog etc.

Note: See TracTickets for help on using tickets.