JIRA Issue

[#XCI-369] Consider changing xdusage to use suid binary that execs xdusage script

[XCI-369] Consider changing xdusage to use suid binary that execs xdusage script Created: 04/09/2018  Updated: 12/01/2021

Status: Backlog
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: PY11 (Sep '21 - Aug '22)

Type: New Feature Priority: Major
Reporter: Eric Blau Assignee: Unassigned
Resolution: Unresolved Votes: 0

Issue Links:
Associated bugs and stories
associated with XCI-917 Upgrade xdusage to new accounting API In Progress
XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-369
Track status in meeting: no

 Description   

With reference to https://tickets.xsede.org/Ticket/Display.html?id=86353

xdusage currently requires one to configure sudo to allow the script to run as the xdusage user to be able to read database/api access secrets.  Instead, we could have a setuid binary that does nothing except exec() the hardcoded path to the xdusage script.



 Comments   

There are comments for XCI-369 that can be viewed with XSEDE authentication.