Add RQD_BECOME_JOB_USER config setting to disable user switching. (#847)

Author: splhack

rqd/rqd/__main__.py

@@ -101,7 +101,8 @@ def usage():
 def main():
     setupLogging()
 
-    if platform.system() == 'Linux' and os.getuid() != 0:
+    if platform.system() == 'Linux' and os.getuid() != 0 and \
+       rqd.rqconstants.RQD_BECOME_JOB_USER:
         logging.critical("Please run launch as root")
         sys.exit(1)
 

rqd/rqd/rqconstants.py

@@ -66,6 +66,7 @@
 RQD_RETRY_STARTUP_CONNECT_DELAY = 30
 RQD_RETRY_CRITICAL_REPORT_DELAY = 30
 RQD_USE_IP_AS_HOSTNAME = True
+RQD_BECOME_JOB_USER = True
 RQD_CREATE_USER_IF_NOT_EXISTS = True
 
 KILL_SIGNAL = 9
@@ -182,6 +183,8 @@
             LOAD_MODIFIER = config.getint(__section, "LOAD_MODIFIER")
         if config.has_option(__section, "RQD_USE_IP_AS_HOSTNAME"):
             RQD_USE_IP_AS_HOSTNAME = config.getboolean(__section, "RQD_USE_IP_AS_HOSTNAME")
+        if config.has_option(__section, "RQD_BECOME_JOB_USER"):
+            RQD_BECOME_JOB_USER = config.getboolean(__section, "RQD_BECOME_JOB_USER")
         if config.has_option(__section, "DEFAULT_FACILITY"):
             DEFAULT_FACILITY = config.get(__section, "DEFAULT_FACILITY")
         if config.has_option(__section, "LAUNCH_FRAME_USER_GID"):

rqd/rqd/rqcore.py

@@ -263,8 +263,11 @@ def runLinux(self):
 
         rqd.rqutil.permissionsHigh()
         try:
-            tempCommand += ["/bin/su", runFrame.user_name, rqd.rqconstants.SU_ARGUEMENT,
-                            '"' + self._createCommandFile(runFrame.command) + '"']
+            if rqd.rqconstants.RQD_BECOME_JOB_USER:
+                tempCommand += ["/bin/su", runFrame.user_name, rqd.rqconstants.SU_ARGUEMENT,
+                                '"' + self._createCommandFile(runFrame.command) + '"']
+            else:
+                tempCommand += [self._createCommandFile(runFrame.command)]
 
             # Actual cwd is set by /shots/SHOW/home/perl/etc/qwrap.cuerun
             frameInfo.forkedCommand = subprocess.Popen(tempCommand,

rqd/rqd/rqutil.py

@@ -73,7 +73,7 @@ def cacheGet(self, cache, key, func):
 
 def permissionsHigh():
     """Sets the effective gid/uid to processes original values (root)"""
-    if platform.system() == "Windows":
+    if platform.system() == "Windows" or not rqd.rqconstants.RQD_BECOME_JOB_USER:
         return
     PERMISSIONS.acquire()
     os.setegid(os.getgid())
@@ -87,7 +87,7 @@ def permissionsHigh():
 def permissionsLow():
     """Sets the effective gid/uid to one with less permissions:
        RQD_GID and RQD_UID"""
-    if platform.system() in ('Windows', 'Darwin'):
+    if platform.system() in ('Windows', 'Darwin') or not rqd.rqconstants.RQD_BECOME_JOB_USER:
         return
     if os.getegid() != rqd.rqconstants.RQD_GID or os.geteuid() != rqd.rqconstants.RQD_UID:
         __becomeRoot()
@@ -100,7 +100,7 @@ def permissionsLow():
 
 def permissionsUser(uid, gid):
     """Sets the effective gid/uid to supplied values"""
-    if platform.system() in ('Windows', 'Darwin'):
+    if platform.system() in ('Windows', 'Darwin') or not rqd.rqconstants.RQD_BECOME_JOB_USER:
         return
     PERMISSIONS.acquire()
     __becomeRoot()
@@ -128,6 +128,8 @@ def __becomeRoot():
 def checkAndCreateUser(username):
     """Check to see if the provided user exists, if not attempt to create it."""
     # TODO(gregdenton): Add Windows and Mac support here. (Issue #61)
+    if not rqd.rqconstants.RQD_BECOME_JOB_USER:
+        return
     try:
         pwd.getpwnam(username)
         return