Introduce RQD_BECOME_JOB_USER to allow to not use root privilege #847

Merged
merged 1 commit into from
Dec 15, 2020

Contributor

@splhack splhack commented Dec 1, 2020

This PR allows RQD to run without root privilege.

  • quoting RQD fresh install - CRITICAL:root:Please run launch as root #804

    it needs to run as root. It's not ideal, and something we should address eventually

  • With a non-NFS use case (like transferring rendered result to distributed storage), the RQD process doesn't need to become the job user. Thus it doesn't need root privilege at all.

linux-foundation-easycla bot commented Dec 1, 2020

CLA Signed

The committers are authorized under a signed CLA.

Collaborator

@bcipriano bcipriano left a comment

This is a great change and overall looks good to me. Thank you for sending it!

The only thing I'm thinking about here is the naming of the new config value. In practice, the reason RQD needs to run as root is because, when kicking off a render, it then switches (via su) to the user who launched the job. From the user's perspective, the behavior they would be toggling is that user switching -- running as root is only the means to that end.

So maybe the new constant should be named something like RQD_BECOME_JOB_USER or something like that? Open to other ideas. I feel like this would make the purpose of the setting more clear, what do you think?
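
The behavior this setting toggles, as an added sketch that is not RQD's own code: it switches identity with setgid/setuid in a child pre-exec hook rather than su, and shows that the non-switching path never needs root. The function names and the uid/gid 1000 sample values are assumptions made for the example.

```python
import os
import subprocess
import sys

RQD_BECOME_JOB_USER = False  # name from this PR; value chosen for the demo


def make_preexec(become_job_user, job_uid, job_gid, euid=None):
    """Return a Popen preexec_fn that switches to the job user, or None
    when the daemon should launch the job under its own identity."""
    if not become_job_user:
        return None  # no identity switch, so no root requirement
    euid = os.geteuid() if euid is None else euid
    if euid != 0:
        raise PermissionError("becoming the job user requires root")
    if job_uid == 0 or job_gid == 0:
        raise ValueError("refusing to launch a job as uid/gid 0")

    def drop_to_job_user():
        # Runs in the child between fork and exec. Order matters: groups
        # and gid must change while the process is still root.
        os.setgroups([])
        os.setgid(job_gid)
        os.setuid(job_uid)
        try:
            os.setuid(0)  # must fail if the drop was complete
        except PermissionError:
            return
        raise RuntimeError("privilege drop is reversible")

    return drop_to_job_user


def launch(command, become_job_user, job_uid, job_gid):
    """Run one job command, switching identity only when configured to."""
    hook = make_preexec(become_job_user, job_uid, job_gid)
    return subprocess.run(command, preexec_fn=hook,
                          capture_output=True, text=True, check=True)


if __name__ == "__main__":
    # Constructed sample: uid/gid 1000 stand in for a job owner.
    probe = [sys.executable, "-c", "import os; print(os.getuid())"]
    print(launch(probe, RQD_BECOME_JOB_USER, 1000, 1000).stdout.strip())
```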

Contributor Author

splhack commented Dec 10, 2020

Yes I will change the constant to the suggested name.

The ultimate goal of the change for us is just to avoid things that require root privilege (because it is not allowed on our system).

@splhack splhack changed the title Introduce RQD_USE_ROOT_USER to allow to not use root privilege Introduce RQD_BECOME_JOB_USER to allow to not use root privilege Dec 11, 2020
Contributor Author

splhack commented Dec 11, 2020

Updated to use RQD_BECOME_JOB_USER.

Collaborator

@bcipriano bcipriano left a comment

Looks great, thank you!

@bcipriano bcipriano merged commit 41b3b80 into AcademySoftwareFoundation:master Dec 15, 2020
@splhack splhack deleted the use_root branch December 16, 2020 23:36