[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] How to get Condor jobs to respect gid and umask

On Apr 28, 2006, at 3:11 PM, Little, Colin E wrote:

I'm having problems with jobs not running with the correct umask and gid.  Ideally I would like jobs to run on the remote machine with the same gid and umask that the user had when he submitted the job, but Condor doesn't retain umask and as far as I can tell it doesn't retain gid either. The plan for umask is to put a "umask 2" line into the /etc/init.d/condor script so that the condor_master starts with a umask we can live with, but it'd be better if this changed based on user umask.  I'm not sure how to get it to respect gid; it seems to always run jobs with the user's default gid instead of the one that they are currently using.  


Has anyone run into this before?  Any ideas on how to fix this?  I'm particularly interested in a solution for gid, since we have some sensitive data that needs to remain protected and switching it to the user's default group could cause problems.

Currently, Condor does not try to preserve the user's gid or umask when running jobs. We plan to add this to a future release.

In the mean time, you could wrap condor_submit with script that puts the gid and umask in the job's environment, then use USER_JOB_WRAPPER to read those environment  variables to set the gid and umask before starting the job.

|           Jaime Frey           | I used to be a heavy gambler.     |
|       jfrey@xxxxxxxxxxx        | But now I just make mental bets.  |
| http://www.cs.wisc.edu/~jfrey/ | That's how I lost my mind.        |