GLExec Epilogue Functionality
From PDP/Grid Wiki
Revision as of 10:50, 22 May 2012 by Msalle@nikhef.nl (talk | contribs) (Created page with "Starting from version 0.9 gLExec can optionally run a epilogue executable after the payload has finished. == General == == Environment == The epilogue runs with the same clean...")
Starting from version 0.9 gLExec can optionally run a epilogue executable after the payload has finished.
General
Environment
The epilogue runs with the same cleaned environment as gLExec sets up for the payload, with a number of additional variables, all starting with GLEXEC_EPILOG_. Any variables setup before gLExec starting with GLEXEC_EPILOG_ will be cleared before the epilogue is run.
| GLEXEC_EPILOG_ARGV<N> | argv of payload |
| GLEXEC_EPILOG_GLEXEC_USER | calling user username |
| GLEXEC_EPILOG_GLEXEC_GROUP | calling user's primary groupname |
| GLEXEC_EPILOG_GLEXEC_UID | calling user's uid |
| GLEXEC_EPILOG_GLEXEC_GID | calling user's primary gid |
| GLEXEC_EPILOG_GLEXEC_SGIDS | calling user's secondary gids, colon separated |
| GLEXEC_EPILOG_TARGET_USER | target user's username |
| GLEXEC_EPILOG_TARGET_GROUP | target user's primary groupname |
| GLEXEC_EPILOG_TARGET_UID | target user's uid |
| GLEXEC_EPILOG_TARGET_GID | target user's primary gid |
| GLEXEC_EPILOG_TARGET_SGIDS | target user's secondary gids, colon separated |
| GLEXEC_EPILOG_GLEXEC_PID | lingering gLExec process ID |
| GLEXEC_EPILOG_GLEXEC_SID | lingering gLExec session ID |
| GLEXEC_EPILOG_GLEXEC_PGID | lingering gLExec process group |
| GLEXEC_EPILOG_TARGET_PID | payload process ID |
| GLEXEC_EPILOG_TARGET_PGID | payload process group |
| GLEXEC_EPILOG_TARGET_RC | payload exit code |
Security
- In order to prevent tampering with the epilogue binary or script, the permissions need to be such, that only the root user and optionally epilogue user, has write access to the file or one of its path members (it is ``trusted-root).
- GLExec becomes immune to signals from any user but root.
