From cff332116268a15cfe4251a86ec0de318e2d19f6 Mon Sep 17 00:00:00 2001
From: Moe Jette <jette1@llnl.gov>
Date: Mon, 22 May 2006 16:58:20 +0000
Subject: [PATCH] Don't premit owner of a job to scancel it if started by user
 root (e.g. LCRM). They need to use prm to avoid getting LCRM out of sync.

---
 src/slurmctld/job_mgr.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c
index 4e1bcaa7255..2637f6e0550 100644
--- a/src/slurmctld/job_mgr.c
+++ b/src/slurmctld/job_mgr.c
@@ -1464,6 +1464,7 @@ extern int job_signal(uint32_t job_id, uint16_t signal, uint16_t batch_flag,
 {
 	struct job_record *job_ptr;
 	time_t now = time(NULL);
+	bool super_user;
 
 	job_ptr = find_job_record(job_id);
 	if (job_ptr == NULL) {
@@ -1471,11 +1472,18 @@ extern int job_signal(uint32_t job_id, uint16_t signal, uint16_t batch_flag,
 		return ESLURM_INVALID_JOB_ID;
 	}
 
-	if ((job_ptr->user_id != uid) && (uid != 0) && (uid != getuid())) {
+	super_user = ((uid == 0) || (uid == getuid()));
+	if ((job_ptr->user_id != uid) && (!super_user)) {
 		error("Security violation, JOB_CANCEL RPC from uid %d",
 		      uid);
 		return ESLURM_USER_ID_MISSING;
 	}
+	if ((!super_user) && job_ptr->part_ptr
+	&&  (job_ptr->part_ptr->root_only)) {
+		info("Attempt to cancel job in RootOnly partition from uid %d",
+			uid);
+		return ESLURM_USER_ID_MISSING;
+	}
 
 	if (IS_JOB_FINISHED(job_ptr))
 		return ESLURM_ALREADY_DONE;
-- 
GitLab