[Condor-users] File permissions for temporary files, umask ignored

[Myung Cho <myunghcho@xxxxxxxxx>]

Hi,

I am testing Condor for use at our company and during our testing we
noticed a security issue I can't seem to find a documented fix for. We
have multiple teams sharing a cluster pool and each team runs a set of
jobs which they would like to keep the actual program and the input &
output data private. When normally run by hand, each team sets their
umask so that the other teams can not view the program or the input &
output. However, when the job is run via Condor, Condor creates the
temporary files in /var/lib/condor/execute with world readable
permissions. What we would like to see ideally is for condor to create
these temp files with the umask set by the user or at least make it so
the temp files are only user readable.

I have looked through the mailing list archives and the documentation
but have not found a work around for this. Is there something I am
overlooking? Is there a setting for the temporary file umask?

Thanks,

Myung