#StackBounty: #linux #permissions #cgroups Granting cpusets permissions to non-root user

Bounty: 100

By default, only root can create CPU sets (and manipulate tasks in existing ones):

$ cset shield -c0
cset: **> [Errno 13] Permission denied: '/cpusets//user'
cset: insufficient permissions, you probably need to be root

If I granted user trusted the right to run sudo cset, the commands he/she will run, e.g.

sudo cset shield -e command

would be owned by root, unless we do

sudo cset shield -e sudo -- -u trusted command

which is quite complex, especially regarding what environment is inherited by command through these layers…

Is there a way to grant trusted rights to manipulate CPU sets without changing identity?

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.