Architecting, installing and maintaining your SAS environment

What part of SAS or Grid process runs as ROOT rather than the User?

Accepted Solution Solved
Reply
Occasional Contributor
Posts: 12
Accepted Solution

What part of SAS or Grid process runs as ROOT rather than the User?

Hi All,

Recently we have been observing that our users have processes that are shown as ROOT as the process owner. In contacting the User they say that they are only running Grid processes. What part of SAS or Grid could this process be? For example this is what we are seeing:

root      5819 12073  0 Jul28 ?        00:00:00 sshd: userid [priv]
userid   6231  5819  0 Jul28 ?        00:00:02 sshd: userid@pts/2
userid   6232  6231  0 Jul28 pts/2    00:00:00 -ksh
root     26386 12073  0 Jul28 ?        00:00:00 sshd: userid [priv]
thisisme 26989 25006  0 14:55 pts/4    00:00:00 grep userid
userid  29603  4321  0 Jul28 ?        01:11:46 /sas/sys/sasconfig_prod/lsf9/9.1/linux2.6-glibc2.3-x86_64/etc/res -d /sas/sys/sasconfig_prod/lsf9/conf -m svcksa69901mpk.us.bank-dns.com /home/userid/.lsbatch/1501098689.316759
userid  29650 29603  0 Jul28 ?        00:00:00 /bin/sh /home/userid/.lsbatch/1501098689.316759
userid  29689 29650  5 Jul28 ?        17:02:15 /sas/sys/sasinstall_prod/compute/SASFoundation/9.4/sasexe/sas -noterminal -netencryptalgorithm TripleDES -metaserver svcksa69901mpk.us.bank-dns.com -metaport 8561 -metarepository Foundation -locale en_US -objectserver -objectserverparms delayconn sph=svcksa69901mpk.us.bank-dns.com protocol=bridge spawned spp=12832 cid=3470 pb classfactory=440196D4-90F0-11D0-9F41-00A024BB830C server=OMSOBJSmiley FrustratedERVERCOMPONENT/A51QZNX6.AY00000B cel=everything lb recon grid keepalive=500 -METAUSER
userid  31582 26386  0 Jul28 ?        00:00:26 sshd: userid@pts/0
userid  31654 31582  0 Jul28 pts/0    00:00:00 -ksh
userid  31853 31654  0 Jul28 pts/0    01:03:41 top

 

It is line 1 and 3 we are concerned about. Did we just stumble across this user logged in as ROOT or is this a SAS process creating this process?

 

Thank you for your insight.


Accepted Solutions
Solution
Monday
Super User
Posts: 6,946

Re: What part of SAS or Grid process runs as ROOT rather than the User?

The SSH port is a so-called privileged port (<1024), which can only be used by the superuser. Therefore the master sshd daemon runs as root and spawns children for every connection (which stay under userid 0); once login is completed (either by password or public/private key), another child running with the login user's identity is spawned. This child then starts the shell.

12073 should be your master sshd with parent process 1.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers

View solution in original post


All Replies
Solution
Monday
Super User
Posts: 6,946

Re: What part of SAS or Grid process runs as ROOT rather than the User?

The SSH port is a so-called privileged port (<1024), which can only be used by the superuser. Therefore the master sshd daemon runs as root and spawns children for every connection (which stay under userid 0); once login is completed (either by password or public/private key), another child running with the login user's identity is spawned. This child then starts the shell.

12073 should be your master sshd with parent process 1.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
Trusted Advisor
Posts: 1,141

Re: What part of SAS or Grid process runs as ROOT rather than the User?

Indeed, as @KurtBremser wisely said. On simple words: the initial process must be always be spawned as root, but just for connections to protected ports. Afterwards, any other process will be owned by the appropiate user.

 

On Linux there are many applications that run on the same way, and it is due to Linux security policies. A very common example are the web servers (such as Apache). If you want a web server to provide service on default ports 80 (http) or 443 (https), the inital process to listen on those ports must be owned by root. Any other child process will be owner by the user assigned to thr web server.

☑ This topic is SOLVED.

Need further help from the community? Please ask a new question.

Discussion stats
  • 2 replies
  • 101 views
  • 2 likes
  • 3 in conversation