Hi,
schedulix was designed to be as secure as possible.
Running jobs as other users as the jobserver agent is running, would require root or sudo privileges to do so.
That's why we did not implement that.
Our recommendation is, to run a jobserver agents for every user jobs should run with.
However, there is a way to customize schedulix to do so.
This is completely under user responsibility and we do not feel guilty for security breaks caused by this method.
It works like this:
Create a script, lets call it sudoExecutor.sh with the following content:
export
JOBEXECUTOR="/opt/schedulix/schedulix/bin/jobexecutor"
if [ "$RUNAS" != "" ]
then
sudo -i -u "$RUNAS" id
if [ $? != 0 ]
then
# 'jobexecutor exited with exit code =
50' Will be displayed in job error message if sud fails
exit 50
fi
# Make the taskfile of the job writable for the RUNAS user
chmod 666 $2
exec sudo -i -u "$RUNAS" "$JOBEXECUTOR" $*
fi
exec "$JOBEXECUTOR" $*
Adapt the JOBEXECUTOR path to your installation if necessary.
Now you can create a parameter of a job with 'Export Name' == 'RUNAS' containing the user the job should run with.
Of course, the user originally running the job server has to have the necessary sudo privileges.
This is just a POC how to do that. To make it save, there is maybe more to do check privileges.
Please note, that you have to be very careful not introducing any security problems when doing this.
Hope that helps you further.
Regards
Dieter