
Re: [HTCondor-users] How to run jobs as root



> On Nov 3, 2014, at 10:03 AM, Rich Pieri <ratinox@xxxxxxx> wrote:
> 
> On 11/3/14 10:53 AM, Zachary Miller wrote:
>>  3) Create a USER_JOB_WRAPPER that *CAREFULLY* checks to see if it's running
>>     as "croot" and uses a setuid executable to escalate to root priv before
>>     running the actual job.
> 
> I still maintain that reimplementation without the UID 0 requirement is
> the best course. That said, using sudo is a much safer mechanism for
> elevating privileges than using setuid binaries.

Opinion seconded!

A few further thoughts:
- "sudo" configuration, while hairy, is still a lot easier to verify than code.
- setuid binaries are extraordinarily hard to audit.  There's a host of specialized checks you have to do (such as sanitizing environment variables and avoiding library calls) to write a good one that make this task really the "stuff of experts" - and if the expert doesn't recommend "reimplement without root privileges", I wonder if they are really an expert :).

By going the "sudo" route, you at least are forced to write down what exactly can be done as root.  There's still a million ways to shoot yourself in the foot (think about input sanitization); I wouldn't want to do it myself!

Brian
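The sudo-based variant of Zach's option 3, written out as an added example (not code from this thread or from HTCondor). It assumes a dedicated job user "croot", a wrapper installed at /usr/local/bin/croot_wrapper.sh and pointed to by USER_JOB_WRAPPER, a root-owned helper at /usr/local/bin/condor_root_job that is the only command the sudoers rule lets croot run, and a root-owned, non-croot-writable allowlist directory /opt/condor-root-jobs/ for the executables that may be escalated. All of those names, and the helper functions is_croot and job_path_allowed, are illustrative assumptions.

```shell
#!/bin/sh
# Hypothetical USER_JOB_WRAPPER (added example, not HTCondor code).
# HTCondor invokes the wrapper as the job owner with the job's executable and
# arguments; the wrapper is expected to exec them.
#
# Assumed sudoers rule, installed with visudo (sudo's default env_reset is
# relied on to scrub the environment):
#   croot ALL=(root) NOPASSWD: /usr/local/bin/condor_root_job
#
# Only the "croot" user, and only executables under ALLOWED_PREFIX, are
# escalated; everything else runs unprivileged as a normal job would.

ALLOWED_PREFIX="/opt/condor-root-jobs/"      # assumed, root-owned, mode 0755
ROOT_RUNNER="/usr/local/bin/condor_root_job" # assumed, the sole sudo target

# Return 0 only when the given user name is "croot".  The name is passed in
# rather than read here so the check can be exercised without being croot.
is_croot() {
    [ "$1" = "croot" ]
}

# Return 0 only when the job executable is an absolute path under
# ALLOWED_PREFIX with no ".." component and no characters outside a
# conservative allowlist (this is the "input sanitization" the mail warns about).
job_path_allowed() {
    path=$1
    case "$path" in
        "$ALLOWED_PREFIX"*) ;;   # must start with the allowlisted prefix
        *) return 1 ;;
    esac
    case "$path" in
        *..*|*[!A-Za-z0-9_./-]*) return 1 ;;  # reject traversal and odd bytes
    esac
    return 0
}

main() {
    user=$(id -un)
    job=$1
    if is_croot "$user" && job_path_allowed "$job"; then
        # -n: never prompt; if sudoers disagrees, fail rather than hang the job.
        exec sudo -n "$ROOT_RUNNER" "$@"
    fi
    # Not croot, or not an allowed job: run it unprivileged as usual.
    exec "$@"
}

# Act as a wrapper only when given a job to run.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The check that matters most is not in the script: /opt/condor-root-jobs/ and condor_root_job must not be writable by croot, or the allowlist is worthless. The condor side is just USER_JOB_WRAPPER = /usr/local/bin/croot_wrapper.sh in condor_config, and the sudoers rule is the single place that states what croot may do as root.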