[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] bug in how condor_submit checks initialdir permissions?

We've been having issues where a user would submit a job, and condor_submit would respond with

ERROR: No such directory: <path to initialdir>

even though the directory pointed to by initialdir does exist and the user has full read/write/execute permission for it.

To check for access to initialdir, condor_submit calls check_iwd, which calls access_euid, which calls access_euid_dir. access_euid_dir checks if the effrective uid or gid has access by manually checking permission bits, but it doesn't check secondary groups or ACLs, so the access check can fail even if the user really does have access. Also, check_iwd always prints "No such directory", even if the failure is caused by lack of write permission to the directory.

Replacing all calls to access_euid with the system provided euidaccess seems to fix the problem. Is this the right thing to do?


 - Jason