File: doc_security.rst

oar 2.5.4-2
Security aspects in OAR
=======================

In OAR, security and user switching are managed by the "oardodo" command.  It is
a setuid binary, executable only by root and the members of the oar group, that
is used to launch a command, a terminal or a script with the privileges of a
particular user.  When "oardodo" is called, it checks the value of an
environment variable: OARDO_BECOME_USER.

  - If this variable is empty, "oardodo" executes the command with the
    privileges of the superuser (root).
  - Otherwise, this variable contains the name of the user whose privileges
    are used to execute the command.
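
Because an empty OARDO_BECOME_USER selects root, a calling script should make sure a user-mode call can never reach "oardodo" with an empty or malformed user name. The following is an added example, not part of the OAR documentation or code base: a caller-side shell guard plus a check of the file properties described above. The OARDODO placeholder path, the function names, and the assumption that "oardodo" receives the command to run as its arguments are illustrative.

```shell
#!/bin/sh
# Added example, not OAR's own code. OARDODO is a placeholder path (assumption).
OARDODO="${OARDODO:-/path/to/oardodo}"

# Check what the text states about the binary: setuid bit set, not executable
# by "other", owner root and group oar (second argument overrides, for tests).
# Assumes a stat(1) that supports -c (GNU coreutils or busybox).
oardodo_perms_ok() {
    file=$1
    want=${2:-root:oar}
    mode=$(stat -c '%a' "$file") || return 2
    owner=$(stat -c '%U:%G' "$file") || return 2
    case "$mode" in
        [4-7][0-7][0-7][0246]) ;;   # setuid set, no execute bit for other
        *) echo "$file: unexpected mode $mode" >&2; return 1 ;;
    esac
    [ "$owner" = "$want" ] || { echo "$file: owned by $owner, want $want" >&2; return 1; }
}

# Run a command as USER. Because an empty OARDO_BECOME_USER selects root,
# an empty or malformed name is refused here instead of being passed on.
# Assumption: oardodo takes the command to run as its arguments.
run_as_user() {
    user=$1
    [ "$#" -ge 2 ] || { echo "usage: run_as_user USER CMD [ARG...]" >&2; return 64; }
    shift
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "refusing oardodo call: bad user name '$user'" >&2
            return 64 ;;
    esac
    OARDO_BECOME_USER=$user "$OARDODO" "$@"
}

# Superuser mode is requested by name, so it never happens by omission.
run_as_root() {
    [ "$#" -ge 1 ] || { echo "usage: run_as_root CMD [ARG...]" >&2; return 64; }
    OARDO_BECOME_USER='' "$OARDODO" "$@"
}
```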


Here are the scripts/modules where "oardodo" is called and the user that is
used during each call:

  - OAR::Modules::Judas:
    this module is used for logging and notification.

    * user notification: email or command execution.
      OARDO_BECOME_USER = user

  - oarsub:
    this script is used for submitting jobs or reservations.

    * read user script
    * connection to the job and the remote shell
    * keys management
    * job key export

    For all these functions, the user set in the OARDO_BECOME_USER variable is
    the user who submits the job.
	
  - pingchecker:
    this module is used to check resource health. Here, the user is root.
	  
  - oarexec:
    executed on the first reserved node, oarexec executes the job prologue and
    initiates the job.

    * the "clean" method kills every oarsub connection process in superuser mode
    * the "kill_children" method kills every child of the process in superuser mode
    * execution of a passive job in user mode
    * retrieval of the user shell in user mode
    * checkpointing in superuser mode


  - job_resource_manager:
    the job_resource_manager script is a Perl script that the OAR server
    deploys on nodes to manage cpusets, users, job keys...

    * cpuset creation and cleanup are executed in superuser mode

  - oarsh_shell:
    shell program used with the oarsh script. It adds its own process to the
    cpuset and launches the shell or the script of the user.

    * cpuset filling, "nice" and display management are executed as root.
    * TTY login is executed as user.

  - oarsh:
    OAR's ssh wrapper used to connect from node to node. It contains all the
    context variables useful for this connection.

    * display management and connection with a user job key file are executed
      as user.