From 3cf4418bf5c08895283223b84c52cb4e43cc971f Mon Sep 17 00:00:00 2001
From: Danny Auble <da@schedmd.com>
Date: Wed, 25 Sep 2019 15:08:55 -0600
Subject: [PATCH] Disallow coordinators to show/fix runaways.

There was never any security to allow for this,
so we are just removing it.

Bug 7765
---
 NEWS                                            |  1 +
 .../mysql/as_mysql_fix_runaway_jobs.c           | 17 ++++++-----------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/NEWS b/NEWS
index 5e222fdf8ad..1506b6c5f2a 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ documents those changes that are of interest to users and administrators.
     (e.g. -C "[rack1*2&rack2*4]").
  -- Fix memory leaks in preemption when jobs request multiple features.
  -- Allow Operator users to show/fix runaways.
+ -- Disallow coordinators to show/fix runaways.
 
 * Changes in Slurm 19.05.2
 ==========================
diff --git a/src/plugins/accounting_storage/mysql/as_mysql_fix_runaway_jobs.c b/src/plugins/accounting_storage/mysql/as_mysql_fix_runaway_jobs.c
index ec21bad1af0..088d7bfb403 100644
--- a/src/plugins/accounting_storage/mysql/as_mysql_fix_runaway_jobs.c
+++ b/src/plugins/accounting_storage/mysql/as_mysql_fix_runaway_jobs.c
@@ -142,18 +142,13 @@ extern int as_mysql_fix_runaway_jobs(mysql_conn_t *mysql_conn, uint32_t uid,
 	 */
 	mysql_conn->cluster_name = first_job->cluster;
 
+	/*
+	 * Double check if we are at least an operator, this check should had
+	 * already happened in the slurmdbd.
+	 */
 	if (!is_user_min_admin_level(mysql_conn, uid, SLURMDB_ADMIN_OPERATOR)) {
-		slurmdb_user_rec_t user;
-
-		memset(&user, 0, sizeof(slurmdb_user_rec_t));
-		user.uid = uid;
-
-		if (!is_user_any_coord(mysql_conn, &user)) {
-			error("Only admins/operators/coordinators "
-			      "can fix runaway jobs");
-			rc = ESLURM_ACCESS_DENIED;
-			goto bail;
-		}
+		rc = ESLURM_ACCESS_DENIED;
+		goto bail;
 	}
 
 	iter = list_iterator_create(runaway_jobs);
-- 
GitLab