Merge pull request flux-framework#2871 from garlick/no_userdb

use config file for access policy

configure.ac

@@ -494,7 +494,6 @@ AC_CONFIG_FILES( \
   src/modules/cron/Makefile \
   src/modules/aggregator/Makefile \
   src/modules/pymod/Makefile \
-  src/modules/userdb/Makefile \
   src/modules/job-ingest/Makefile \
   src/modules/job-manager/Makefile \
   src/modules/job-info/Makefile \

doc/man1/Makefile.am

@@ -18,7 +18,6 @@ MAN1_FILES_PRIMARY = \
 	flux-hwloc.1 \
 	flux-proxy.1 \
 	flux-cron.1 \
-	flux-user.1 \
 	flux-event.1 \
 	flux-mini.1 \
 	flux-version.1 \

doc/test/spell.en.pws

@@ -361,7 +361,6 @@ UTC
 addrole
 delrole
 strtoul
-userdb
 scratchdir
 EHOSTUNREACH
 ap

etc/flux.service.in

@@ -2,7 +2,6 @@
 Description=Flux message broker
 
 [Service]
-Environment=FLUX_USERDB_OPTIONS=--default-rolemask=user
 TimeoutStopSec=90
 KillMode=mixed
 ExecStart=@X_BINDIR@/flux broker \

etc/rc1

@@ -27,7 +27,6 @@ declare -a pids
 flux hwloc reload & pids+=($!)
 flux exec -r all flux module load job-info & pids+=($!)
 flux module load cron sync=hb & pids+=($!)
-flux module load userdb ${FLUX_USERDB_OPTIONS} & pids+=($!)
 flux module load job-manager & pids+=($!)
 wait_check ${pids[@]}
 unset pids

etc/rc3

@@ -21,8 +21,6 @@ flux module remove -f job-exec
 flux module remove -f job-manager
 flux exec -r all flux module remove -f job-ingest
 
-flux module remove -f userdb
-
 flux module remove -f cron
 flux exec -r all flux module remove -f aggregator
 flux exec -r all flux module remove -f barrier

src/bindings/python/flux/job.py

@@ -280,7 +280,7 @@ def get_jobs(self):
 # - Desired return value is json array, not a single value
 #
 # pylint: disable=dangerous-default-value
-def job_list(flux_handle, max_entries=1000, attrs=[], userid=os.geteuid(), states=0):
+def job_list(flux_handle, max_entries=1000, attrs=[], userid=os.getuid(), states=0):
     payload = {
         "max_entries": max_entries,
         "attrs": attrs,

src/broker/broker.c

@@ -339,7 +339,7 @@ int main (int argc, char *argv[])
 
     ctx.tbon_k = 2; /* binary TBON is default */
     /* Record the instance owner: the effective uid of the broker. */
-    ctx.cred.userid = geteuid ();
+    ctx.cred.userid = getuid ();
     /* Set default rolemask for messages sent with flux_send()
      * on the broker's internal handle. */
     ctx.cred.rolemask = FLUX_ROLE_OWNER;

src/broker/module.c

@@ -663,7 +663,7 @@ module_t *module_add (modhash_t *mh, const char *path)
      * Since this is a point to point connection between broker threads,
      * credentials are always those of the instance owner.
      */
-    p->cred.userid = geteuid ();
+    p->cred.userid = getuid ();
     p->cred.rolemask = FLUX_ROLE_OWNER;
 
     /* Update the modhash.

src/cmd/Makefile.am

@@ -53,8 +53,7 @@ flux_SOURCES = \
 	builtin/heaptrace.c \
 	builtin/proxy.c \
 	builtin/relay.c \
-	builtin/python.c \
-	builtin/user.c
+	builtin/python.c
 nodist_flux_SOURCES = \
 	builtin-cmds.c
 

src/cmd/builtin/proxy.c

@@ -244,7 +244,7 @@ static int cmd_proxy (optparse_t *p, int ac, char *av[])
     if (!(ctx.h = flux_open (uri, 0)))
         log_err_exit ("%s", uri);
     flux_log_set_appname (ctx.h, "proxy");
-    ctx.proxy_user = geteuid ();
+    ctx.proxy_user = getuid ();
     if (!(r = flux_reactor_create (SIGCHLD)))
         log_err_exit ("flux_reactor_create");
     if (flux_set_reactor (ctx.h, r) < 0)

src/cmd/builtin/relay.c

@@ -109,10 +109,10 @@ static void relay (int infd, int outfd, flux_t *h)
     usock_conn_set_error_cb (uconn, uconn_error, r);
     usock_conn_set_recv_cb (uconn, uconn_recv, entry);
 
-    /* Use effective uid of the relay process as the userid for the
+    /* Use uid of the relay process as the userid for the
      * single "client" on stdin.
      */
-    cred.userid = geteuid ();
+    cred.userid = getuid ();
     cred.rolemask = FLUX_ROLE_NONE; // delegate to "upstream"
     usock_conn_accept (uconn, &cred);