On 2018-05-10 21:48, Christopher Benjamin Coffey wrote:
Hi,
We noticed that recently --uid, and --gid functionality changed where
previously a user in the slurm administrators group could launch jobs
successfully with --uid, and --gid , allowing for them to submit jobs as
another user. Now, in order to use --uid, --gid, you have to be the root user.
What was the reasoning in making this change? Do people not trust the folks in
the slurm administrator group to allow this behavior? Seems odd.
This bit us awhile back when upgrading from 16.05.6 to slurm 17.11 which has
this --uid/--gid change in it. We've just recently gotten time to look into it.
We've patched slurm (a very small change) to remove the check as we need this
functionality. I'd imagine there wouldn't be any consequences from the minor
change, but would like to hear if possible why the change was made and if this
code change is a bad idea. Also, is there a better solution to allow a non-root
slurm administrator user to submit jobs as another person?
We ran into this as well when doing a 16.05->17.11 upgrade. We have a
jupyterhub instance where users can login with their usual credentials
through a web browser, and then launch jupyter notebook as a slurm job.
We were using (I didn't setup this thing, so maybe I'm getting the
details wrong...) the --uid/--gid thing so that the jupyterhub account
could then submit the slurm jobs as the actual user.
This particular usecase was easy to work around by modifying the
jupyterhub->slurm integration stuff to use sudo to submit the job, and
setting up an appropriate sudo rule.
--
Janne Blomqvist, D.Sc. (Tech.), Scientific Computing Specialist
Aalto University School of Science, PHYS & NBE
+358503841576 || janne.blomqv...@aalto.fi
