Hi, I am wondering if there is any way to stop a user from impersonating another user when running workers on Linux?
I’ve been investigating setting up Deadline for teaching undergraduates. An essential requirement is that no student can access or modify files belonging to another student.
I hoped this could be accomplished by restricting NFS file permissions to each user and running jobs on the worker node as the users themselves, but although there is an option to require Windows users to have entered their password in the Monitor, there doesn’t seem to be a similar option for Linux, so there is nothing stopping one student from impersonating another student if they put their username for the user to run the job as.
Is there anyway around this or is this just part of the trust model that Deadline uses?
You could lock students out of editing the job’s user field with user groups. From there the submitter will just use system username for the job’s user.
The only time the job’s user is used is when Rendering Jobs As User is enabled. So if you’re going to run the Worker as the student it doesn’t matter what the username is. If the Worker is running as Billy, it’ll fail to run Alice’s jobs with the NFS restrictions you’re describing, so that solution will work.
Render Jobs as User doesn’t behave well on Windows, but if you’re only running renders on Linux it’s using sudo or su to launch the render application as the user and works well in my experience. On Linux a password isn’t needed since the user running the Worker application will need sudo permissions to impersonate other users.
So in your case I’d set up Render Job as User and the NFS permissions to be doubly sure. We’ve helped out a couple schools make Deadline student-resistant.
It looks to me like it might be possible for a sufficiently motivated and knowledgable user to circumvent the restriction on changing the user field either via deadlinecommand usage to modify users or by sending a modified http request to the deadline rcs.
Is there any way around this?
I understand that most studios probably trust their staff enough for this not to be an issue for them, but I don’t think we can risk it with undergraduate students.