IZ653: JVM startup fails when started under sdmadmin user account with not-helpful message

[easymf]

[Imported from gridengine issuezilla ​http://gridengine.sunsource.net/issues/show_bug.cgi?id=653]

        Issue #:      653             Platform:     Sun            Reporter: easymf (easymf)
       Component:     hedeby             OS:        All
     Subcomponent:    bootstrap       Version:      1.0u3_Beta-1      CC:    None defined
        Status:       NEW             Priority:     P3
      Resolution:                    Issue type:    DEFECT
                                  Target milestone: 1.0u5next
      Assigned to:    adoerr (adoerr)
      QA Contact:     adoerr
          URL:
       * Summary:     JVM startup fails when started under sdmadmin user account with not-helpful message
   Status whiteboard:
      Attachments:


     Issue 653 blocks:
   Votes for issue 653:     Vote for this issue


   Opened: Fri May 8 09:11:00 -0700 2009 
------------------------


   Description

   If user starts SDM JVM using a command "sdmadm suj -j JVM_NAME" under sdmadmin
   user account, it can happen that JVM fails to start with message:

   ~$ sdmadm -s sdm suj
   WARNING: All commands are executed as user $<sdmadmin_username> (non root mode)
   jvm   host                result message
   ---------------------------------------------------------------
   cs_vm osol                ERROR  JVM: cs_vm died during
                                    startup.
   Error: Command has generated error.

   Evaluation

   Not critical, but confusing for the user - it is not clearly defined, that
   sdmadmin user may not have sufficient credentials to start the JVM. in addition,
   the error message says nothing about the real cause, so the user has to guess
   what is the problem.

   Suggested Fix/Work Around

   Work around is simple - to start the JVM under user account of the JVM owner
   (see "sdmadm sgc" to check the JVM owner).
   The fix has to address the error message, behavior and documentation - ideally:
   1. sdmadm suj command should detect, if the user that tries to start the JVM is
   owner of the jvm (or if user switching is possible), if not ->
   2. error message should clearly state, that "sdmadm suj" has to be performed
   under JVM owner user account
   3. documentation should be adjusted in a way, that is clear to user that
   sdmadmin user may not have sufficient credentials to start the JVM and thus the
   JVM owner user should be used to perform "sdmadm suj" command

   Analysis

   The problem is caused by fact, that daemon (JVM) keystore is owned JVM owner
   user, and the permissions are as follows:

   -rw------- 1 <jvm_owner_user> <jvm_owner_group> 2727 2009-05-06 16:39 cs_vm.keystore

   When a sdmadmin user is not jvm owner user, then the starting process can not
   access the keystore and JVM refuses to start. The ParentStartupService evaluates
   this as "jvm has died during startup" situation.

   How to test

   Testsuite test is appropriate - test should perform:
   1. starting the JVM under sdmadmin user account (sdmadmin !=jvm owner) and check
   the behavior and message
   2. starting the JVM under sdmdmin user account (sdmadin == jvm owner) and
   check the behavior and message
   3. starting the JVM under jvm owner user account (assuming that jvmowner is NOT
   sdmadmin) and check the behavior and message

   ATC: 2 PD
   ETC: 0 PD
               ------- Additional comments from rhierlmeier Wed Nov 25 07:21:11 -0700 2009 -------
   Milestone changed