Opened 11 years ago

Last modified 9 years ago

#563 new defect

IZ2699: SGE services should only start when started by root or admin user

Reported by: mpospisil Owned by:
Priority: normal Milestone:
Component: sge Version: 6.0
Severity: Keywords: qmaster
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=2699]

        Issue #:      2699             Platform:     All      Reporter: mpospisil (mpospisil)
       Component:     gridengine          OS:        All
     Subcomponent:    qmaster          Version:      6.0         CC:    None defined
        Status:       NEW              Priority:     P3
      Resolution:                     Issue type:    DEFECT
                                   Target milestone: ---
      Assigned to:    ernst (ernst)
      QA Contact:     ernst
          URL:
       * Summary:     SGE services should only start when started by root or admin user
   Status whiteboard:
      Attachments:

     Issue 2699 blocks:
   Votes for issue 2699:


   Opened: Fri Aug 22 06:39:00 -0700 2008 
------------------------


The problem is that the cluster is running as sge_admin, when execd host1 is
stopped. Any user can source the cluster settings and start it. This execd is
not seen by the cluster and cannot spool or write to the messages file, but
happily occupies the SGE_EXECD_PORT. When admin wants to really start sgeexecd
it will silently fail.

Well as admin he can kill such process, but it might take some time to recognize
it, or that the sgeexecd is not running.

It there is some automation in place that detects missing sgeexecd and start it
it will always fail (and the exit code is 0)
# ./default/common/sgeexecd start
#   starting sge_execd
# echo $?
# 0
But it does not really run!

I consider this a minor security issue.

Change History (0)

Note: See TracTickets for help on using tickets.