From 645c59ef6a6b34253e1e334d1b21d04ba7501a5f Mon Sep 17 00:00:00 2001
From: Moe Jette <jette1@llnl.gov>
Date: Sat, 15 Jan 2011 18:57:39 +0000
Subject: [PATCH] Patch from Gerrit
 22_Cray-slurmctld-SlurmUser-must_be-root.diff

Cray: SlurmUser needs to be 'root'

This disallows a SlurmUser other than root. The reason is that slurmctld forks
processes talking to ALPS/BASIL. Doing this requires root permissions.

The following rules apply:
 * the RESERVE method requires that
   - either the effective UID of the calling process resolves to that of the
     'user_name' attribute of the ReserveParamArray or
   - the effective UID is 0 (super-user), i.e.
   - only root can make reservations for other users;
 * the RELEASE method requires root permissions in all cases (slurmctld uses
   this method on each scheduling cycle to clean up vestigial ALPS reservations).

To avoid entanglements with sudo, this patch simply throws a fatal() message
if the SlurmUser is not root. (An alternative would be to issue an error
message, but to continue processing.)
---
 src/common/read_config.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/common/read_config.c b/src/common/read_config.c
index 600698b383f..f6e7b08df2d 100644
--- a/src/common/read_config.c
+++ b/src/common/read_config.c
@@ -2785,6 +2785,11 @@ _validate_and_set_defaults(slurm_ctl_conf_t *conf, s_p_hashtbl_t *hashtbl)
 			conf->slurm_user_id = my_uid;
 		}
 	}
+#ifdef HAVE_NATIVE_CRAY
+	if (conf->slurm_user_id != 0)
+		fatal("Cray requires SlurmUser=root (default), but have '%s'.",
+			conf->slurm_user_name);
+#endif
 
 	if (!s_p_get_string( &conf->slurmd_user_name, "SlurmdUser", hashtbl)) {
 		conf->slurmd_user_name = xstrdup("root");
-- 
GitLab