Difference between revisions of "GLExec TransientPilotJobs"
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | When you use | + | When you use [[gLExec]] with transient directories and input sandboxes, it's important that you create a writable directory for your target job, and you do this in a safe and portable way. |
In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things: | In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things: | ||
− | * Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at | + | * Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/. It will usually be inside a temporary, transient area specific to the pilot job. |
* ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world. | * ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world. | ||
Line 16: | Line 16: | ||
The path of the directory created is printed to stdout. | The path of the directory created is printed to stdout. | ||
− | -t targetdir-mode permissions of the target directory created | + | -h print a help text |
+ | -t targetdir-mode permissions of the target directory created, a leading 0 is automatically added | ||
(default: 0700, i.e. unreadable by the glexec invoker) | (default: 0700, i.e. unreadable by the glexec invoker) | ||
− | -m parentmode permissions for the current user on the parent tree | + | -m parentmode permissions for the current user on the parent tree, a leading 0 is automatically added |
(default: 0755, and should traversable for target uid) | (default: 0755, and should traversable for target uid) | ||
-r gltmp_dir remove the target directory previously created by | -r gltmp_dir remove the target directory previously created by | ||
$progname. Directory must be empty, unless -f | $progname. Directory must be empty, unless -f | ||
is also specified. | is also specified. | ||
+ | -f force removal of target directory, see above under -r | ||
+ | -v print version number | ||
directory base directory in which target directory is created | directory base directory in which target directory is created |
Latest revision as of 11:48, 8 March 2013
When you use gLExec with transient directories and input sandboxes, it's important that you create a writable directory for your target job, and you do this in a safe and portable way.
In general, the setup of the batch system and OS at a site does not guarantee that the pilot job and the target user share a common group, even though in practice the 'top-level' VO group will usually be in common. However, it's not easy to identity this most-generic group. In these cases, you need to do two things:
- Create a temporary directory for the target job using glexec. We provide a proof-of-principle implementation on how to create such a directory, and clean up after yourself at http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/. It will usually be inside a temporary, transient area specific to the pilot job.
- ensure that this directory is reachable for the target job. This may mean making the 'upstream' directory traversable (not but necessarily readable) by the world.
MkGlTempDir
When creating a temporary directory in a world-writable area, you should take appropriate care to prevent race-condition vulnerabilities (the same ones that the old tempnam(3) suffers from). The script mkgltempdir helps to do that, but if you find any potential weaknesses, please let us know:
Usage: mkgltempdir [-h] [-r [-f] gltmp_directory] [-t targetdir-mode] [-m parentmode] [directory] Create a directory owned by the glexec target user in a secure fashion. The path of the directory created is printed to stdout. -h print a help text -t targetdir-mode permissions of the target directory created, a leading 0 is automatically added (default: 0700, i.e. unreadable by the glexec invoker) -m parentmode permissions for the current user on the parent tree, a leading 0 is automatically added (default: 0755, and should traversable for target uid) -r gltmp_dir remove the target directory previously created by $progname. Directory must be empty, unless -f is also specified. -f force removal of target directory, see above under -r -v print version number directory base directory in which target directory is created (default: current value of \$TMPDIR or, if unset, /tmp) Return value is 0 if directory was successfully created, non-zero otherwise.
Download the utility at:
- http://software.nikhef.nl/dist/mwsec/rpm/ (RPM repositories)
- http://software.nikhef.nl/security/mkgltempdir/ (source tarball)
- http://ndpfsvn.nikhef.nl/viewvc/mwsec/trunk/mwsec-utils/mkgltempdir/ (SVN source)