Allow run-as-root if 2 envars are set

Per suggestion by @bangerth, allow mpirun to execute as root if two
envars are set to specific values

Per conversation with @jsquyres, name the envars OMPI_ALLOW_RUN_AS_ROOT
and OMPI_ALLOW_RUN_AS_ROOT_CONFIRM

Fixes #4451

Signed-off-by: Ralph Castain <rhc@open-mpi.org>
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>

orte/orted/orted_submit.c

@@ -324,6 +324,14 @@ int orte_submit_init(int argc, char *argv[],
      * exit with a giant warning flag
      */
     if (0 == geteuid() && !orte_cmd_options.run_as_root) {
+        /* check for two envars that allow override of this protection */
+        char *r1, *r2;
+        if (NULL != (r1 = getenv("OMPI_ALLOW_RUN_AS_ROOT")) &&
+            NULL != (r2 = getenv("OMPI_ALLOW_RUN_AS_ROOT_CONFIRM"))) {
+            if (0 == strcmp(r1, "1") && 0 == strcmp(r2, "1")) {
+                goto moveon;
+            }
+        }
         /* show_help is not yet available, so print an error manually */
         fprintf(stderr, "--------------------------------------------------------------------------\n");
         if (orte_cmd_options.help) {
@@ -338,13 +346,17 @@ int orte_submit_init(int argc, char *argv[],
 
         fprintf(stderr, "We strongly suggest that you run %s as a non-root user.\n\n", orte_basename);
 
-        fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n");
-        fprintf(stderr, "option to your command line.  However, we reiterate our strong advice\n");
-        fprintf(stderr, "against doing so - please do so at your own risk.\n");
+        fprintf(stderr, "You can override this protection by adding the --allow-run-as-root option\n");
+        fprintf(stderr, "to the cmd line or by setting two environment variables in the following way:\n");
+        fprintf(stderr, "the variable OMPI_ALLOW_RUN_AS_ROOT=1 to indicate the desire to override this\n");
+        fprintf(stderr, "protection, and OMPI_ALLOW_RUN_AS_ROOT_CONFIRM=1 to confirm the choice and\n");
+        fprintf(stderr, "add one more layer of certainty that you want to do so.\n");
+        fprintf(stderr, "We reiterate our advice against doing so - please proceed at your own risk.\n");
         fprintf(stderr, "--------------------------------------------------------------------------\n");
         exit(1);
     }
 
+  moveon:
     /* process any mca params */
     rc = mca_base_cmd_line_process_args(orte_cmd_line, &environ, &environ);
     if (ORTE_SUCCESS != rc) {

orte/tools/orterun/orterun.1in

@@ -645,7 +645,10 @@ Allow
 .I mpirun
 to run when executed by the root user
 .RI ( mpirun
-defaults to aborting when launched as the root user).
+defaults to aborting when launched as the root user).  Be sure to see
+the
+.I Running as root
+section, below, for more detail.
 .
 .
 .TP
@@ -1628,7 +1631,26 @@ To override this default, you can add the
 .I --allow-run-as-root
 option to the
 .I mpirun
-command line.
+command line, or you can set the environmental parameters
+.I OMPI_ALLOW_RUN_AS_ROOT=1
+and
+.IR OMPI_ALLOW_RUN_AS_ROOT_CONFIRM=1 .
+Note that it takes setting
+.I two
+environment variables to effect the same behavior as
+.I --allow-run-as-root
+in order to stress the Open MPI team's strong advice against running
+as the root user.  After extended discussions with communities who use
+containers (where running as the root user is the default), there was
+a persistent desire to be able to enable root execution of
+.I mpirun
+via an environmental control (vs. the existing
+.I --allow-run-as-root
+command line parameter).  The compromise of using
+.I two
+environment variables was reached: it allows root execution via an
+environmental control, but it conveys the Open MPI team's strong
+recomendation against this behavior.
 .
 .SS Exit status
 .