[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] bug in how condor_submit checks initialdir permissions?



On Mar 5, 2013, at 9:29 AM, Jason Ferrara <jason.ferrara@xxxxxxxxxxxxx> wrote:

> We've been having issues where a user would submit a job, and condor_submit would respond with
> 
> ERROR: No such directory: <path to initialdir>
> 
> even though the directory pointed to by initialdir does exist and the user has full read/write/execute permission for it.
> 
> To check for access to initialdir, condor_submit calls check_iwd, which calls access_euid, which calls access_euid_dir. access_euid_dir checks if the effrective uid or gid has access by manually checking permission bits, but it doesn't check secondary groups or ACLs, so the access check can fail even if the user really does have access. Also, check_iwd always prints "No such directory", even if the failure is caused by lack of write permission to the directory.
> 
> Replacing all calls to access_euid with the system provided euidaccess seems to fix the problem. Is this the right thing to do?

That does sound like the right thing to do, where euidaccess() is available. I'll make an entry in our bug tracking system, though I can't say when we'll get a chance to make the change and test it.

Thanks and regards,
Jaime Frey
UW-Madison HTCondor Project