GLExec Epilogue Functionality

From PDP/Grid Wiki
Revision as of 11:50, 22 May 2012 by Msalle@nikhef.nl (talk | contribs) (Created page with "Starting from version 0.9 gLExec can optionally run a epilogue executable after the payload has finished. == General == == Environment == The epilogue runs with the same clean...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Starting from version 0.9 gLExec can optionally run a epilogue executable after the payload has finished.

General

Environment

The epilogue runs with the same cleaned environment as gLExec sets up for the payload, with a number of additional variables, all starting with GLEXEC_EPILOG_. Any variables setup before gLExec starting with GLEXEC_EPILOG_ will be cleared before the epilogue is run.

GLEXEC_EPILOG_ARGV<N> argv of payload
GLEXEC_EPILOG_GLEXEC_USER calling user username
GLEXEC_EPILOG_GLEXEC_GROUP calling user's primary groupname
GLEXEC_EPILOG_GLEXEC_UID calling user's uid
GLEXEC_EPILOG_GLEXEC_GID calling user's primary gid
GLEXEC_EPILOG_GLEXEC_SGIDS calling user's secondary gids, colon separated
GLEXEC_EPILOG_TARGET_USER target user's username
GLEXEC_EPILOG_TARGET_GROUP target user's primary groupname
GLEXEC_EPILOG_TARGET_UID target user's uid
GLEXEC_EPILOG_TARGET_GID target user's primary gid
GLEXEC_EPILOG_TARGET_SGIDS target user's secondary gids, colon separated
GLEXEC_EPILOG_GLEXEC_PID lingering gLExec process ID
GLEXEC_EPILOG_GLEXEC_SID lingering gLExec session ID
GLEXEC_EPILOG_GLEXEC_PGID lingering gLExec process group
GLEXEC_EPILOG_TARGET_PID payload process ID
GLEXEC_EPILOG_TARGET_PGID payload process group
GLEXEC_EPILOG_TARGET_RC payload exit code


Security

  • In order to prevent tampering with the epilogue binary or script, the permissions need to be such, that only the root user and optionally epilogue user, has write access to the file or one of its path members (it is ``trusted-root).
  • GLExec becomes immune to signals from any user but root.