topic Re: What part of SAS or Grid process runs as ROOT rather than the User? in Administration and Deployment

What part of SAS or Grid process runs as ROOT rather than the User?

DJWanna — Tue, 08 Aug 2017 20:07:22 GMT

Hi All,

Recently we have been observing that our users have processes that are shown as ROOT as the process owner. In contacting the User they say that they are only running Grid processes. What part of SAS or Grid could this process be? For example this is what we are seeing:

root      5819 12073 0 Jul28 ?        00:00:00 sshd: userid [priv]
userid   6231 5819 0 Jul28 ?        00:00:02 sshd: userid@pts/2
userid   6232 6231 0 Jul28 pts/2    00:00:00 -ksh
root     26386 12073 0 Jul28 ?        00:00:00 sshd: userid [priv]
thisisme 26989 25006 0 14:55 pts/4    00:00:00 grep userid
userid 29603 4321 0 Jul28 ?        01:11:46 /sas/sys/sasconfig_prod/lsf9/9.1/linux2.6-glibc2.3-x86_64/etc/res -d /sas/sys/sasconfig_prod/lsf9/conf -m svcksa69901mpk.us.bank-dns.com /home/userid/.lsbatch/1501098689.316759
userid 29650 29603 0 Jul28 ?        00:00:00 /bin/sh /home/userid/.lsbatch/1501098689.316759
userid 29689 29650 5 Jul28 ?        17:02:15 /sas/sys/sasinstall_prod/compute/SASFoundation/9.4/sasexe/sas -noterminal -netencryptalgorithm TripleDES -metaserver svcksa69901mpk.us.bank-dns.com -metaport 8561 -metarepository Foundation -locale en_US -objectserver -objectserverparms delayconn sph=svcksa69901mpk.us.bank-dns.com protocol=bridge spawned spp=12832 cid=3470 pb classfactory=440196D4-90F0-11D0-9F41-00A024BB830C server=OMSOBJ:SERVERCOMPONENT/A51QZNX6.AY00000B cel=everything lb recon grid keepalive=500 -METAUSER
userid 31582 26386 0 Jul28 ?        00:00:26 sshd: userid@pts/0
userid 31654 31582 0 Jul28 pts/0    00:00:00 -ksh
userid 31853 31654 0 Jul28 pts/0    01:03:41 top

It is line 1 and 3 we are concerned about. Did we just stumble across this user logged in as ROOT or is this a SAS process creating this process?

Thank you for your insight.

Re: What part of SAS or Grid process runs as ROOT rather than the User?

Kurt_Bremser — Tue, 08 Aug 2017 20:17:08 GMT

The SSH port is a so-called privileged port (<1024), which can only be used by the superuser. Therefore the master sshd daemon runs as root and spawns children for every connection (which stay under userid 0); once login is completed (either by password or public/private key), another child running with the login user's identity is spawned. This child then starts the shell.

12073 should be your master sshd with parent process 1.

Re: What part of SAS or Grid process runs as ROOT rather than the User?

JuanS_OCS — Wed, 09 Aug 2017 07:30:56 GMT

Indeed, as @Kurt_Bremser wisely said. On simple words: the initial process must be always be spawned as root, but just for connections to protected ports. Afterwards, any other process will be owned by the appropiate user.

On Linux there are many applications that run on the same way, and it is due to Linux security policies. A very common example are the web servers (such as Apache). If you want a web server to provide service on default ports 80 (http) or 443 (https), the inital process to listen on those ports must be owned by root. Any other child process will be owner by the user assigned to thr web server.