connector-local: add allow-root-owner config
Allow the root user to connect with FLUX_ROLE_OWNER
if [access] includes "allow-root-owner = true".
This is a usability improvement for the system instance:
instead of "sudo -u flux flux ...", one can just type
"sudo flux ...".

Fixes flux-framework#2829
garlick authored and trws committed Mar 30, 2020
1 parent 243e6ff commit 388bca7
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions src/modules/connector-local/local.c
Expand Up @@ -44,6 +44,7 @@ struct connector_local {
flux_t *h;
uid_t instance_owner;
int allow_guest_user;
int allow_root_owner;
};

/* A 'struct route_entry' is attached to the 'struct usock_conn' aux hash
Expand Down Expand Up @@ -73,6 +74,8 @@ static int client_authenticate (struct connector_local *ctx,
*/
if (cuid == ctx->instance_owner)
rolemask = FLUX_ROLE_OWNER;
else if (ctx->allow_root_owner && cuid == 0)
rolemask = FLUX_ROLE_OWNER;
else if (ctx->allow_guest_user)
rolemask = FLUX_ROLE_USER;

Expand Down Expand Up @@ -191,19 +194,25 @@ static void acceptor_cb (struct usock_conn *uconn, void *arg)
*
* allow-guest-user = true
* Allow users other than instance owner to connect with FLUX_ROLE_USER
*
* allow-root-owner = true
* Allow root user to have instance owner role
*/
int parse_config (struct connector_local *ctx, const flux_conf_t *conf)
{
flux_conf_error_t error;

ctx->allow_guest_user = 0;
ctx->allow_root_owner = 0;

if (flux_conf_unpack (conf,
&error,
"{s?:{s?:b}}",
"{s?:{s?:b s?:b}}",
"access",
"allow-guest-user",
&ctx->allow_guest_user) < 0) {
&ctx->allow_guest_user,
"allow-root-owner",
&ctx->allow_root_owner) < 0) {
flux_log (ctx->h,
LOG_ERR,
"error parsing [access] configuration: %s",
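Review bot: The new `else if (ctx->allow_root_owner && cuid == 0)` branch in client_authenticate grants FLUX_ROLE_OWNER without leaving any record that distinguishes a root connection from the real instance owner, so a later audit of owner-level activity cannot tell the two apart. Consider logging when that branch is taken, e.g. `flux_log (ctx->h, LOG_INFO, "uid 0 granted owner role (allow-root-owner)");`, and widening the config comment in parse_config to `Allow root user to have instance owner role (default false; gives full owner privileges to any uid-0 process that can reach the socket)`. Both function bodies start or end outside the visible hunks, so where cuid comes from (presumably kernel peer credentials) and whether a later line already logs the assigned role should be confirmed against the full file.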
