Opened 15 years ago

Last modified 9 years ago

#196 new defect

IZ1250: non-root $ADMINUSER should be allowed to own files

Reported by: dom Owned by:
Priority: low Milestone:
Component: sge Version: 6.0
Severity: Keywords: install
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=1250]

        Issue #:      1250             Platform:     All      Reporter: dom (dom)
       Component:     gridengine          OS:        All
     Subcomponent:    install          Version:      6.0         CC:    None defined
        Status:       NEW              Priority:     P4
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    andy (andy)
      QA Contact:     dom
          URL:
       * Summary:     non-root $ADMINUSER should be allowed to own files
   Status whiteboard:
      Attachments:

     Issue 1250 blocks:
   Votes for issue 1250:


   Opened: Mon Aug 23 01:00:00 -0700 2004 
------------------------


( I'll be ok with this as an RFE also. )

During N1GE6 installation, 'install_qmaster'
offers an alternative uid owner
to root for the distribution (particularly the
spool directories).  This is
to provide continued rw by root in those cases
where parts of $SGE_ROOT may
be distributed via NFS.

It is clear that if $ADMINUSER is used at all,
currently $SGE_ROOT itself
needs to be owned by $ADMINUSER also (bug
#5090127) or the install may fail
when $ADMINUSER lacks sufficient perm to create
dir/file under parent dirs
not owned by it.

To extend that further, could it not be possible
for root to do an install,
specify an $ADMINUSER, and have all the dirs/files
summarily chown'd to
$ADMINUSER except for those files that need to be
suid/sgid root?

Secondly, if a manual chown to $ADMINUSER is done
prior to 'install_qmaster',
if the verify file perms feature is selected
everything is chown'd to root
(the manual chown is undone).
 Justification:

There are select files that require suid/sgid
root, but I find no reason
why all the rest of the N1GE distribution couldn't
be owned by the
administrator uid.

I find it currently surprising that if one
explicitly and deliberately
performs a 'chown -R sgeadmin $SGE_ROOT' to make
everything in $SGE_ROOT
owned by 'sgeadmin', that 'install_qmaster' can
undo all this with no
explicit warning.   If I ask to verify dir/file
perms, the 'setfileperms.h'
function happily converts ownership all to uid=0
gid=0 without saying
that's what it will do; it just indicateds that
the *perms* for files/dirs
will be set to something, not that the uid/gid
will be changed also.

Specifially, if I'm asked for a "what do you want
to install N1GE as"
early in the install, and then I later see

   Verifying and setting file permissions and
owner in ...

why should I expect the owner to be something
other than $ADMINUSER?

It should be only files that need to be suid/sgid
root that are chown'd
from $ADMINUSER to root during install I think.

 Work around:

Don't select the "verify file perms" feature
during install_qmaster :-(

Change History (0)

Note: See TracTickets for help on using tickets.