After some testing, it appears that this behavior is applied to the output and error files for scheduler universe jobs. Since DAGMan runs the DAG job that subsequently runs your jobs in scheduler universe, the (*.lib.err) & (*.lib.out) files are being set to (-rw-------). At the moment, I don't know when this change occurred.
Since you are running DAGMan, a work around you can do is make a simple script that finds those files and changes the permissions to what you need and then add it as a prescript to one of your jobs (preferably the first one). That way DAGMan will automatically change the permissions for you each run.
Hope this helps,
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Curtis Spencer <curtis.spencer@xxxxxxxxxxxx>
Sent: Thursday, August 4, 2022 1:19 PM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] condor_submit output and error file permissions
I recently upgraded our HTCondor from 8.6.8 to 9.10.0. Thanks to the documentation and answers found by searching this mailing list, I think I've got most things working. But I'm running into an issue that I haven't been able to figure out yet.
Using Condor 8.6.x, the permissions of the output (*.dag.lib.out) and error (*.dag.lib.err) files created by `condor_submit` were 0664 (-rw-rw-r--). However, under the new version, the permissions are 0600 (-rw-------).
I am using logstash to ingest the contents of these files into Elasticsearch for logging purposes but given the new permissions, logstash isn't able to read the files like it was when the permissions were 0664. If I manually change the permissions of these files, logstash works as it did with condor 8.6.8. Since the output and error files are re-generated automatically every time `condor_submit_dag` is run, manually editing file permissions is not feasible.
My submit file includes `getenv = True`
The umask for the user running `condor_submit_dag` is 0002
`/usr/bin/condor_submit` and `/usr/bin/condor_submit_dag` do not have setuid set
Based on that, my understanding is that `condor_submit` and `condor_submit_dag` should be running using the environment of the user and so should be using 0644 as their umask.
I have read/searched through https://htcondor.readthedocs.io/en/latest but haven't found anything about file permissions or umask for the output and error files.
Any suggestions on how to change the default file permissions of the condor_submit output and error files?