#123 Evaluator shouldn't have to be setuid vadmin
The evaluator has traditionally been setuid vadmin. It
would be good to eliminate this.
There are at least two reasons why it is currently
necessary for the evaluator to be setuid vadmin:
- Making files immutable in volatile directories
requires write permission. Volatile directories are
writable only by their owner and are currently owned by
the special runtool user. The evaluator is only able
to make their files immutable because it operates with
vadmin's permissions. We'll need to make it possible
for the user who started the evaluator to do this,
which means giving volatile directories dual ownership.
This means giving them attributes, which means changes
to the VDirVolatileRoot class.
- The evaluator writes shortid files to hold text
values (for example, when placing a text value in a
filesystem for _run_tool) directly in the sid
directory, which requires vadmin permissions. However
it could write them through the repository's NFS
interface. It creates these files in a volatile
directory. (See the functions CreateDerived and
CreateRootForDeriveds in PrimRunTool.C.) It could
write those files in the volatile directory where it
creates them. (This will also require granting the
user running the evaluator write permission to the
volatile directories they create.)
