Running pbs_snapshot with sudo


#21

Hi,

We’ve recently found a use for this enhancement for our internal testing purposes. The use case is as follows:

We run PTL tests as a non-root user on our internal test systems, there are some pbs_snapshot tests and we’d like to be able to run them as a non-root user as well. We have sudo rules in place which restrict some of the commands that pbs_snapshot executes (like chmod) from being run with sudo. So, it’d really help if we add a switch to pbs_snapshot so that it runs only the necessary commands with sudo and runs the other commands as a normal user.

So, I’m reopening this discussion. Let’s figure out the most generic way to enhance pbs_snapshot for such use cases.


#22

… and if somebody can tell me how I can remove the [CLOSED] tag from the title that’ll be great.


#23

Based on the input from Josh I’d argue that the original proposal - i.e., “with-sudo”, would be the right way to go. The use case that you summarize can be satisfied with that interface. If there is a relatively broad swath of end users who just use root or an alternative to sudo, it is not reasonable to provide a default interface that relies on it being there.

Other than that, this seems a fine proposal, and meets an important end user use case.


#24

Thanks for replying Ian, I agree with you, we should not use sudo by default.


#25

@billnitzberg, I cannot remove the [CLOSED] tag from this topic, any chance you have the permissions to do it?


#26

@agrawalravi90 done.


#29

I agree on adding sudo option to pbs_snapshot. Also debug output should tell which all command will be run as sudo.


#30

Thanks Anamika, I like that idea.


#31

+1
Not having sudo by default and supporting --with-sudo as an option, seems to be the way to go.


#32

I’ve posted a design for this here: https://pbspro.atlassian.net/wiki/spaces/PD/pages/702087171/Enhance+pbs+snapshot+to+be+non-root+friendly

Since we already are on a consensus about the approach, I won’t wait for sign-offs on it before creating the PR, but I will appreciate if you guys could review it for semantics and let me know if I should add/modify any information. Thanks!


#33

Thanks Ravi. it looks good. Will there be logs telling which commands has been run as root when used --with-sudo option?


#34

So, at DEBUG level, the snapshot log that’s generated already displays all the commands being run exactly as they are run, so the ones which are run with sudo will be visible as being run with sudo. Would that be sufficient?


#35

Ah I see. yes that will work.


#36

Cool, thanks for reviewing the EDD!