Bug 1779582

Summary: SLURM by default running as root
Product: [Fedora] Fedora Reporter: Kees de Jong <keesdejong+dev>
Component: slurmAssignee: Philip Kovacs <pkfed>
Status: CLOSED WORKSFORME QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: rawhideCC: pkdevel, pkfed
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-19 11:42:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kees de Jong 2019-12-04 10:07:31 UTC 
Description of problem:
When SLURM is installed, it by default uses the user 'root'. The only service that needs to run as root is slurmd (client). I therefore suggest to change the default user to a dedicated SLURM user, e.g. the user 'slurm' with e.g. UID/GID of 64030 to be compatible with Debian-based systems (when e.g. using Federated SLURM). Or an UID/GID in the system UID/GID range. But at least a reserved UID/GID for SLURM to run as non-root for all but slurmd (SlurmdUser in slurm.conf is by default ran as the root user).

This also requires to change the ownership of the directories of SLURM services.

If this is not a good suggestion, then please explain the reasoning, then the community is aware of it as well. Thanks!

Version-Release number of selected component (if applicable): slurm-19.05.4-1.fc31
Comment 1 Philip Kovacs 2019-12-04 11:47:13 UTC 
I considered petitioning the Fedora packaging committee for a soft static allocation years ago when I first packaged slurm.  I opted instead to write a script called slurm-setuser which allows you to run slurm as the user you desire, adjusting the slurm file/directory permissions and config files with one command.  The script is in the slurm base package.