Difference between revisions of "GLExec Environment Wrap and Unwrap scripts"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 1: Line 1:
We provide a new package named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts/ glexec-wrapper-scripts] (at the moment primarily) through the Etics system and from our [https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/grid-mw-security/glexec/util/wrap-env-var/ SVN repository].
+
GLExec Wrap and Unwrap environment variables] describes how you can wrap environment variables in such a way that they don't get wipe and unwrap them (safely) in the target account (pilot job payload) process.
  
 +
= Where to find packages and sources =
  
 +
We provide a new packages named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts/ glexec-wrapper-scripts] (at the moment primarily) through the Etics system. The sources can be found in our [https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/grid-mw-security/glexec/util/wrap-env-var/ SVN repository].
  
To help you master the obstacles of gLExec's security we offer some interesting How To material:
+
= gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl) =
 
 
* [https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/grid-mw-security/glexec/util/wrap-env-var/ GLExec Wrap and Unwrap environment variables] describes how you can wrap environment variables in such a way that they don't get wipe and unwrap them (safely) in the target account (pilot job payload) process.
 
 
 
=== gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl) ===
 
  
 
Helper script to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.
 
Helper script to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.

Revision as of 09:10, 10 June 2009

GLExec Wrap and Unwrap environment variables] describes how you can wrap environment variables in such a way that they don't get wipe and unwrap them (safely) in the target account (pilot job payload) process.

Where to find packages and sources

We provide a new packages named glexec-wrapper-scripts (at the moment primarily) through the Etics system. The sources can be found in our SVN repository.

gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl)

Helper script to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.

Intended usage:

export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>

By default the following environment variables are NOT unwrapped:

  • HOME
  • LOGNAME
  • USER
  • X509_USER_PROXY
  • _ (yes that's '_' !)

A user can add more env vars to be excluded using either

--exclude=A --exclude=B

or

--exclude=A,B,...

Example 1:

export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>

Example 2:

export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl --exclude=MYVAR -- <YOUR-COMMAND>

Example 3:

export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>