optirooter

The optirooter application can be used by the optiworker to execute the dispatcher process under the privileges of the user owning the actual task being executed. This application uses the token server to identify which user the current task belongs to. When used, the optirooter receives a challenge key from the token server, which it relays back to the optiworker, the optimaster and finally the optirunner application. The optirunner then encrypts this challenge with a unique token generated by the token server before starting the job. The encrypted challenge is sent back to the optirooter, which verifies to which user this encrypted token belongs. On success, it drops privileges to this user and executes the dispatcher process. Before dropping privileges, the dispatcher is verified to be either a system-installed dispatcher, or a dispatcher owned by the user to which it will drop privileges (and located in that user's home directory). Note that the optirooter application has to be setuid and owned by root.
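The dispatcher check and the privilege drop described above can be sketched in C as follows. This is an added example, not optirooter's own code: the function names, the `/usr/lib/dispatchers` system directory and the sample user are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 when `path` lies strictly below `dir` (no trailing slash). */
static int path_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return n > 1 && strncmp(path, dir, n) == 0 && path[n] == '/' && path[n + 1];
}

/* Policy from the text: accept a root-owned dispatcher below system_dir, or
 * one owned by the target user below that user's home. `resolved` must be a
 * canonical path (realpath(3)); `st` should come from fstat(2) on the opened
 * file so a path swapped after the check is not trusted. */
int dispatcher_allowed(const char *resolved, const struct stat *st,
                       uid_t uid, const char *home, const char *system_dir)
{
    if (!S_ISREG(st->st_mode)) return 0;
    /* Extra hardening assumed here, not stated on the page. */
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    if (st->st_uid == 0 && path_under(resolved, system_dir)) return 1;
    return uid != 0 && st->st_uid == uid && path_under(resolved, home);
}

/* Permanent drop from root: supplementary groups, then gid, then uid, then
 * confirm root cannot be regained. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;                /* refuse to "drop" to root */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;          /* regaining root must fail */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void)
{
    struct stat st = {0};                   /* constructed sample metadata */
    st.st_mode = S_IFREG | 0755;
    st.st_uid = 1000;
    printf("%d\n", dispatcher_allowed("/home/alice/bin/disp", &st, 1000,
                                      "/home/alice", "/usr/lib/dispatchers"));
    return 0;
}
```

The order in `drop_privileges` matters: once `setuid` has succeeded the process can no longer change its groups, so the group calls come first and every return value is checked.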



Jesse van den Kieboom 2014-02-26