GLExec Environment Wrap and Unwrap scripts

From PDP/Grid Wiki

To help you work within gLExec's security restrictions, we offer some How To material:

gLExec wrapper scripts: glexec_wrapenv.pl and glexec_unwrapenv.pl

glexec_unwrapenv.pl is a helper script that restores the environment variables previously wrapped into the environment variable GLEXEC_ENV by the glexec_wrapenv.pl script.

Intended usage:

export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>

By default the following environment variables are NOT unwrapped:

  • HOME
  • LOGNAME
  • USER
  • X509_USER_PROXY
  • _ (yes that's '_' !)

A user can exclude additional environment variables using either

--exclude=A --exclude=B

or

--exclude=A,B,...

Example 1:

export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>

Example 2:

export GLEXEC_ENV=`glexec_wrapenv.pl`
/opt/glite/sbin/glexec glexec_unwrapenv.pl --exclude=MYVAR -- <YOUR-COMMAND>

Example 3:

export GLEXEC_ENV=`glexec_wrapenv.pl --exclude=MYVAR`
/opt/glite/sbin/glexec glexec_unwrapenv.pl -- <YOUR-COMMAND>
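
A minimal Python model of the wrap/unwrap round trip and the exclusion rules described above, added here as an illustration; it is not the code of glexec_wrapenv.pl or glexec_unwrapenv.pl. The base64-over-JSON encoding, the function names and the sample environments are assumptions made for the example, since this page does not describe the real GLEXEC_ENV format.

```python
import base64
import json

# Names the page lists as never unwrapped by default.
DEFAULT_EXCLUDES = {"HOME", "LOGNAME", "USER", "X509_USER_PROXY", "_"}


def parse_args(argv):
    """Return (extra excludes, command); accepts --exclude=A --exclude=B and --exclude=A,B."""
    excludes, i = set(), 0
    while i < len(argv) and argv[i] != "--":
        if not argv[i].startswith("--exclude="):
            raise ValueError(f"unknown option: {argv[i]}")
        excludes.update(n for n in argv[i][len("--exclude="):].split(",") if n)
        i += 1
    return excludes, argv[i + 1:]


def wrap_env(env, exclude=()):
    """Pack env, minus excluded names, into one string that fits in GLEXEC_ENV."""
    drop = set(exclude)
    kept = {k: v for k, v in env.items() if k not in drop}
    # Assumed encoding for this sketch: base64 over JSON (not the real scripts' format).
    return base64.b64encode(json.dumps(kept, sort_keys=True).encode()).decode()


def unwrap_env(blob, target_env, exclude=()):
    """Lay the wrapped variables over target_env, leaving excluded names untouched."""
    skip = DEFAULT_EXCLUDES | set(exclude)
    restored = dict(target_env)
    for name, value in json.loads(base64.b64decode(blob)).items():
        if name not in skip:
            restored[name] = value
    return restored


# Constructed sample environments: the calling account and the account gLExec switched to.
CALLER_ENV = {"HOME": "/home/pilot", "USER": "pilot", "X509_USER_PROXY": "/tmp/proxy_pilot",
              "PATH": "/opt/exp/bin:/usr/bin", "MYVAR": "caller-only", "JOB_ID": "42"}
TARGET_ENV = {"HOME": "/home/pool001", "USER": "pool001",
              "X509_USER_PROXY": "/tmp/proxy_pool001", "PATH": "/usr/bin"}

if __name__ == "__main__":
    extra, command = parse_args(["--exclude=MYVAR", "--", "/usr/bin/env"])
    result = unwrap_env(wrap_env(CALLER_ENV), TARGET_ENV, extra)
    for name in sorted(result):
        print(f"{name}={result[name]}")
    print("command to run:", command)
```

In this model, excluding MYVAR at wrap time (Example 1) and at unwrap time (Example 2) produce the same final environment, and the default-excluded names keep the values of the target account.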