Non privilege separation is broken in v3 series
Found this out while helping Joe Boyd with his v3.2 factory. Factory fails to process credentials and to submit glideins when privsep is not used. IF do not use privsep and they need this for their v3.2 setup
#4 Updated by Joe Boyd about 7 years ago
I mentioned to Parag that Burt had mentioned to me that he didn't want to support privilege separation in V3 and I had said it would be ok as long as we could still install everything as non-root and then just have the sysadmins change something to setuid root. Parag said that was the condor switchboard and was something different than what he was talking about here. I don't know the details of what we're talking about really.
I DO think that anything that can be run non-root should be run non-root. It doesn't seem like the majority of this stuff should be installed and run as root but I guess if there's one small piece that needs to be setuid root that's not bad. What has to be installed root and what has to be run root if we run with privilege separation? Can everything still be installed non-root with the .ini installer and there's just one step at the end to have the sysadmins make something setuid root?
#5 Updated by Parag Mhashilkar about 7 years ago
Short answer we decided to bite the bullet and support non priv separation
Thankfully this time I documented in my Meeting Notes :) and I went digging into my chat logs.
June 04, 2012 =============
- Decision: Support non-privilage separation
June 11, 2012 =============
- Non privilage separation now fixed in the v3+
Chat logs with Burt from July 12 & 16 , 2013 ===========================
Since we decided to support non privsep for IF. However, since they were not going to use dev release, v3.1 was shipped with no-priv broken. I forgot to put it in the release notes for v3.1 as known issue :(