Difference between revisions of "GLExec Environment Wrap and Unwrap scripts"
| Line 7: | Line 7: | ||
| The sources can be found in our [https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/grid-mw-security/glexec/util/wrap-env-var/ SVN repository]. | The sources can be found in our [https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/pdpsoft/trunk/grid-mw-security/glexec/util/wrap-env-var/ SVN repository]. | ||
| − | We provide a new package named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts/ glexec-wrapper-scripts], which is distributed as part of the glite-GLEXEC_wn  | + | We provide a new package named [http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.glexec-wrapper-scripts/ glexec-wrapper-scripts], which is distributed as part of the glite-GLEXEC_wn ([http://linuxsoft.cern.ch/EGEE/gLite/R3.1/glite-GLEXEC_wn/ gLite 3.1] and [http://linuxsoft.cern.ch/EGEE/gLite/R3.2/glite-GLEXEC_wn/ gLite 3.2]) and can also be found in the Etics repository. | 
|   CURRENT_WRAPPER_VERSION=0.0.3-1 |   CURRENT_WRAPPER_VERSION=0.0.3-1 | ||
Revision as of 15:22, 14 April 2010
GLExec Wrap and Unwrap environment variables describes how you can wrap environment variables (from a Pilot Job Framework) in such a way that they don't get wipe and unwrap them (safely) in the target account (Pilot Job Payload) process.
More (details) information can be found on the Need to Know's page.
Where to find packages and sources
The sources can be found in our SVN repository.
We provide a new package named glexec-wrapper-scripts, which is distributed as part of the glite-GLEXEC_wn (gLite 3.1 and gLite 3.2) and can also be found in the Etics repository.
CURRENT_WRAPPER_VERSION=0.0.3-1
glexec-wrapper-scripts-${CURRENT_WRAPPER_VERSION}.noarch.rpm
glexec-wrapper-scripts_${CURRENT_WRAPPER_VERSION}_all.deb
glexec-wrapper-scripts-${CURRENT_WRAPPER_VERSION}.tar.gz
gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl
Helper scripts to restore the environment variables previously wrapped into the environment variable GLEXEC_ENV using the glexec_wrapenv.pl script.
Intended usage
export GLEXEC_ENV=`glexec_wrapenv.pl` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
(Making) Exceptions
By default the following environment variables are NOT unwrapped:
- HOME
- LOGNAME
- USER
- X509_USER_PROXY
- _ (yes that's '_' !)
This set of environment variables must kept relative to the active user account. The X509_USER_PROXY and the HOME variables are set explicitly to values that are appropriate to the mapped user account.
A user can add more env vars to be excluded using either
--exclude=A --exclude=B
or
--exclude=A,B,...
Examples
Example 1:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
Example 2:
export GLEXEC_ENV=`glexec_wrapenv.pl` /opt/glite/sbin/glexec glexec_unwrapenv.pl --exclude=MYVAR -- <YOUR-COMMAND>
Example 3:
export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR,FOO` /opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
Combined, easy to adopt, script: glexec_wrap.sh
We've combined the two Perl scripts and the gLExec call into a plain and simple shell script. This script is also packaged in the glexec-wrapper-scripts as the shell script: /opt/glite/sbin/glexec_wrap.sh
Content:
#!/bin/sh
cd ${GLITE_LOCATION:-/opt/glite}
export GLEXEC_ENV=`${0%/*}/glexec_wrapenv.pl`
exec ${GLITE_LOCATION:-/opt/glite}/sbin/glexec ${0%/*}/glexec_unwrapenv.pl -- $@
Usage:
/opt/glite/sbin/glexec_wrap.sh /usr/bin/id -a
