Difference between revisions of "GLExec TransientPilotJobs"

From PDP/Grid Wiki
Jump to navigationJump to search
(fixed svn url)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
When you use glexec with transient directories and input sandboxes, it's important that you create a writable directory for your target job, and you do this in a safe and portable way.  
+
When you use [[gLExec]] with transient directories and input sandboxes, it's important that you create a writable directory for your target job, and you do this in a safe and portable way.  
  
 
In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things:
 
In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things:
  
* Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/mwsec/trunk/mwsec-utils/mkgltempdir/. It will usually be inside a temporary, transient area specific to the pilot job.
+
* Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/. It will usually be inside a temporary, transient area specific to the pilot job.
 
* ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world.
 
* ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world.
  
Line 16: Line 16:
 
  The path of the directory created is printed to stdout.
 
  The path of the directory created is printed to stdout.
 
   
 
   
   -t targetdir-mode    permissions of the target directory created
+
  -h                  print a help text
 +
   -t targetdir-mode    permissions of the target directory created, a leading 0 is automatically added
 
                       (default: 0700, i.e. unreadable by the glexec invoker)
 
                       (default: 0700, i.e. unreadable by the glexec invoker)
   -m parentmode        permissions for the current user on the parent tree
+
   -m parentmode        permissions for the current user on the parent tree, a leading 0 is automatically added
 
                       (default: 0755, and should traversable for target uid)
 
                       (default: 0755, and should traversable for target uid)
 
   -r gltmp_dir        remove the target directory previously created by
 
   -r gltmp_dir        remove the target directory previously created by
 
                       $progname. Directory must be empty, unless -f  
 
                       $progname. Directory must be empty, unless -f  
 
                       is also specified.
 
                       is also specified.
 +
  -f                  force removal of target directory, see above under -r
 +
  -v                  print version number
 
   
 
   
 
   directory            base directory in which target directory is created
 
   directory            base directory in which target directory is created
Line 31: Line 34:
  
 
Download the utility at:
 
Download the utility at:
 
+
* http://software.nikhef.nl/dist/mwsec/rpm/ (RPM repositories)
* https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/mwsec/trunk/mwsec-utils/mkgltempdir/
+
* http://software.nikhef.nl/security/mkgltempdir/ (source tarball)
* http://software.nikhef.nl/security/mkgltempdir/
+
* http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/ (SVN source)

Latest revision as of 11:48, 8 March 2013

When you use gLExec with transient directories and input sandboxes, it's important that you create a writable directory for your target job, and you do this in a safe and portable way.

In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things:

  • Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/. It will usually be inside a temporary, transient area specific to the pilot job.
  • ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world.

MkGlTempDir

When creating a temporary directory in a world-writable area, you should take appropriate care to prevent race-condition vulnerabilities (the same ones that the old tempnam(3) suffers from). The script mkgltempdir helps to do that, but if you find any potential weaknesses, please let us know:

Usage: mkgltempdir [-h] [-r [-f] gltmp_directory] 
       [-t targetdir-mode] [-m parentmode] [directory]

Create a directory owned by the glexec target user in a secure fashion.
The path of the directory created is printed to stdout.

 -h                   print a help text
 -t targetdir-mode    permissions of the target directory created, a leading 0 is automatically added
                      (default: 0700, i.e. unreadable by the glexec invoker)
 -m parentmode        permissions for the current user on the parent tree, a leading 0 is automatically added
                      (default: 0755, and should traversable for target uid)
 -r gltmp_dir         remove the target directory previously created by
                      $progname. Directory must be empty, unless -f 
                      is also specified.
 -f                   force removal of target directory, see above under -r
 -v                   print version number

 directory            base directory in which target directory is created
                      (default: current value of \$TMPDIR or, if unset, /tmp)

Return value is 0 if directory was successfully created, non-zero otherwise.


Download the utility at: