Difference between revisions of "GLExec Environment Wrap and Unwrap scripts"
Revision as of 09:48, 10 June 2009
GLExec Wrap and Unwrap environment variables describes how you can wrap environment variables (from a Pilot Job Framework) in such a way that they are not wiped, and unwrap them (safely) in the target account (Pilot Job Payload) process.
Where to find packages and sources
We provide a new package named glexec-wrapper-scripts (at the moment primarily) through the Etics system.
The sources can be found in our SVN repository.
- glexec-wrapper-scripts-0.0.3-1.noarch.rpm
- glexec-wrapper-scripts-0.0.3-1.tar.gz
- glexec-wrapper-scripts_0.0.3-1_all.deb
gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl
Helper scripts to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.
Intended usage
export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
(Making) Exceptions
By default the following environment variables are NOT unwrapped:
- HOME
- LOGNAME
- USER
- X509_USER_PROXY
- _ (yes that's '_' !)
This set of environment variables must be kept relative to the active user account. The X509_USER_PROXY and the HOME variables are set explicitly to values that are appropriate to the mapped user account.
A user can add more env vars to be excluded using either
--exclude=A --exclude=B
or
--exclude=A,B,...
Examples
Example 1:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
Example 2:
export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl --exclude=MYVAR -- <YOUR-COMMAND>
Example 3:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
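The wrap/unwrap round trip and the exclusion rules described above, as an added Python illustration that is not the project's Perl code. The base64-over-JSON encoding, the function names and the sample environments are assumptions made for this example; only the default exclusion list and the --exclude syntax come from this page.

```python
import base64
import json

# Default exclusions listed on this page: these stay bound to the mapped account.
DEFAULT_EXCLUDES = {"HOME", "LOGNAME", "USER", "X509_USER_PROXY", "_"}


def parse_excludes(argv):
    """Collect names from repeated --exclude=A and comma-separated --exclude=A,B."""
    names = set()
    for arg in argv:
        if arg == "--":  # everything after -- is the command to run
            break
        if arg.startswith("--exclude="):
            names.update(n for n in arg[len("--exclude="):].split(",") if n)
    return names


def wrap_env(env, argv=()):
    """Pilot side: pack the environment into one string (assumed encoding)."""
    skip = parse_excludes(argv)
    kept = {k: v for k, v in env.items() if k not in skip}
    return base64.b64encode(json.dumps(kept, sort_keys=True).encode()).decode()


def unwrap_env(wrapped, target_env, argv=()):
    """Payload side: restore variables, never overwriting excluded names."""
    skip = DEFAULT_EXCLUDES | parse_excludes(argv)
    restored = dict(target_env)  # start from the mapped account's environment
    for name, value in json.loads(base64.b64decode(wrapped)).items():
        if name not in skip:
            restored[name] = value
    return restored


if __name__ == "__main__":
    # Constructed sample environments, not taken from a real site.
    pilot = {"HOME": "/home/pilot", "USER": "pilot", "VO_SW_DIR": "/opt/vo",
             "MYVAR": "secret", "X509_USER_PROXY": "/tmp/x509up_pilot"}
    target = {"HOME": "/home/pool001", "USER": "pool001",
              "X509_USER_PROXY": "/tmp/x509up_pool001"}
    blob = wrap_env(pilot)
    args = ["--exclude=MYVAR", "--", "id"]
    for k, v in sorted(unwrap_env(blob, target, args).items()):
        print(f"{k}={v}")
```

Excluding MYVAR on the wrap side (Example 1) or on the unwrap side (Example 2) gives the payload the same environment; the difference is whether the value ever crosses the gLExec boundary inside GLEXEC_ENV.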
Combined, easy to adopt, script: glexec_wrap.sh
We've combined the two Perl scripts and the gLExec call into a plain and simple shell script. This script is also packaged in the glexec-wrapper-scripts as the shell script: /opt/glite/sbin/glexec_wrap.sh
Content:
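#!/bin/sh
# Run from the gLite installation directory
cd "${GLITE_LOCATION:-/opt/glite}"
# Wrap the current environment into GLEXEC_ENV before calling gLExec
export GLEXEC_ENV=`"${0%/*}/glexec_wrapenv.pl"`
# Call gLExec, unwrap the environment in the target account, then run the command
exec "${GLITE_LOCATION:-/opt/glite}/sbin/glexec" "${0%/*}/glexec_unwrapenv.pl" -- "$@"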
Usage:
/opt/glite/sbin/glexec_wrap.sh /usr/bin/id -a
