Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 561955

Summary: PREPARE hook invoked as condor, not as user. cannot access $PWD.
Product: Red Hat Enterprise MRG Reporter: Matthew Farrellee <matt>
Component: condorAssignee: Erik Erlandson <eerlands>
Status: CLOSED ERRATA QA Contact: Luigi Toscano <ltoscano>
Severity: high Docs Contact:
Priority: high    
Version: 1.2CC: fnadge, ltoscano
Target Milestone: 1.3   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, the prepare hook was not invoked with the proper privileges to access the job's execute directory. With this update, the output of id matches the owner of $PWD and the issue is resolved.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-14 16:06:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Farrellee 2010-02-04 19:24:22 UTC 
Description of problem:

The PREPARE hook is designed to stage files for the job to use when it runs.

http://www.cs.wisc.edu/condor/manual/v7.4/4_4Job_Hooks.html

The staging should happen into the job's execute directory.

The prepare hook is not invoked with the proper privs to access the job's execute directory.


Version-Release number of selected component (if applicable):

At least...

$ condor_version
$CondorVersion: 7.4.2 Jan 21 2010 BuildID: RH-7.4.2-0.5.el5 PRE-RELEASE $
$CondorPlatform: X86_64-LINUX_RHEL5 $


How reproducible:

100%


Steps to Reproduce:
1.

$ condor_config_val JUNK_HOOK_PREPARE_JOB
/opt/junk/prepare_hook.sh

2.

 cat /opt/junk/prepare_hook.sh
#!/bin/sh

id > /tmp/prepare_hook.log
env >> /tmp/prepare_hook.log
ls -alR $PWD >> /tmp/prepare_hook.log

exit 1

3.

$ echo -e 'cmd=/bin/sleep\nargs=1m\n+hookkeyword="junk"\nqueue\n' | condor_submit


Actual results:

$ cat /tmp/prepare_hook.log 
uid=64(condor) gid=64(condor) groups=143(gridmonkey) context=user_u:system_r:unconfined_execmem_t
_CONDOR_ANCESTOR_9005=9021:1265310617:3430228736
TERM=dumb
CONDOR_PARENT_ID=mrg27:9005:1265310617
CONDOR_PROCD_ADDRESS_BASE=/var/run/condor/procd_pipe
_CONDOR_ANCESTOR_32093=1901:1264164341:128034522
PATH=/sbin:/usr/sbin:/bin:/usr/bin
PWD=/var/lib/condor/execute/dir_9005
LANG=en_US.UTF-8
_CONDOR_EXECUTE=/var/lib/condor/execute
SHLVL=3
CONDOR_INHERIT=9005 <10.16.44.232:50042> 0 0
_CONDOR_ANCESTOR_1901=9005:1265310617:3186829336
CONDOR_PROCD_ADDRESS=/var/run/condor/procd_pipe.STARTD
_=/bin/env
/var/lib/condor/execute/dir_9005:
total 16
drwxr-xr-x 2 gridmonkey gridmonkey 4096 Feb  4 14:10 .
drwxr-xr-x 3 condor     condor     4096 Feb  4 14:10 ..


Expected results:

Expect the output of id to match the owner of $PWD
Comment 1 Erik Erlandson 2010-04-08 22:53:07 UTC 
Candidate fix on branch: V7_4-BZ561955-prepare-hook-uid
Comment 2 Erik Erlandson 2010-04-08 22:54:41 UTC 
Bug does *not* replicate when running as root w/ privsep configured.  Need to be running as root, without privsep.
Comment 3 Erik Erlandson 2010-04-30 20:03:45 UTC 
Merged to grid master as of 7.4.3-0.11
Comment 4 Luigi Toscano 2010-06-25 15:37:36 UTC 
PREPARE hook runs with the privileges of job submitter.

Verified on RHEL4.8/5.5, i386/x86_64.

condor-7.4.3-0.21
Comment 5 Florian Nadge 2010-10-07 13:43:01 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, the prepare hook was not invoked with the proper privileges to access the job's execute directory. With this update, the output of id matches the owner of $PWD and the issue is resolved.
Comment 7 errata-xmlrpc 2010-10-14 16:06:42 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0773.html