Difference between revisions of "GLExec Environment Wrap and Unwrap scripts"
From PDP/Grid Wiki
Jump to navigationJump to search| Line 1: | Line 1: | ||
| − | We provide a new package named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts | + | We provide a new package named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts/ glexec-wrapper-scripts]. |
| + | |||
| + | |||
To help you master the obstacles of gLExec's security we offer some interesting How To material: | To help you master the obstacles of gLExec's security we offer some interesting How To material: | ||
Revision as of 08:55, 10 June 2009
We provide a new package named glexec-wrapper-scripts.
To help you master the obstacles of gLExec's security we offer some interesting How To material:
- GLExec Wrap and Unwrap environment variables describes how you can wrap environment variables in such a way that they don't get wipe and unwrap them (safely) in the target account (pilot job payload) process.
gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl)
Helper script to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.
Intended usage:
export GLEXEC_ENV=`glexec_wrapenv.pl` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
By default the following environment variables are NOT unwrapped:
- HOME
- LOGNAME
- USER
- X509_USER_PROXY
- _ (yes that's '_' !)
A user can add more env vars to be excluded using either
--exclude=A --exclude=B
or
--exclude=A,B,...
Example 1:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
Example 2:
export GLEXEC_ENV=`glexec_wrapenv.pl` /opt/glite/sbin/glexec glexec_unwrapenv.pl --exclude=MYVAR -- <YOUR-COMMAND>
Example 3:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
