Bug 561955 - PREPARE hook invoked as condor, not as user. cannot access $PWD.
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: condor
Version: 1.2
Hardware: All Linux
Priority: high
Severity: high
Target Milestone: 1.3
Assigned To: Erik Erlandson
QA Contact: Luigi Toscano
Reported: 2010-02-04 14:24 EST by Matthew Farrellee
Modified: 2010-10-14 12:06 EDT
Doc Type: Bug Fix
Doc Text:
Previously, the prepare hook was not invoked with the proper privileges to access the job's execute directory. With this update, the output of id matches the owner of $PWD and the issue is resolved.
Last Closed: 2010-10-14 12:06:42 EDT

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2010:0773
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3
Last Updated: 2010-10-14 11:56:44 EDT

Description Matthew Farrellee 2010-02-04 14:24:22 EST
Description of problem:

The PREPARE hook is designed to stage files for the job to use when it runs.

http://www.cs.wisc.edu/condor/manual/v7.4/4_4Job_Hooks.html

The staging should happen into the job's execute directory.

The prepare hook is not invoked with the proper privs to access the job's execute directory.


Version-Release number of selected component (if applicable):

At least...

$ condor_version
$CondorVersion: 7.4.2 Jan 21 2010 BuildID: RH-7.4.2-0.5.el5 PRE-RELEASE $
$CondorPlatform: X86_64-LINUX_RHEL5 $


How reproducible:

100%


Steps to Reproduce:
1.

$ condor_config_val JUNK_HOOK_PREPARE_JOB
/opt/junk/prepare_hook.sh

2.

$ cat /opt/junk/prepare_hook.sh
#!/bin/sh

id > /tmp/prepare_hook.log
env >> /tmp/prepare_hook.log
ls -alR "$PWD" >> /tmp/prepare_hook.log

exit 1

3.

$ echo -e 'cmd=/bin/sleep\nargs=1m\n+hookkeyword="junk"\nqueue\n' | condor_submit


Actual results:

$ cat /tmp/prepare_hook.log 
uid=64(condor) gid=64(condor) groups=143(gridmonkey) context=user_u:system_r:unconfined_execmem_t
_CONDOR_ANCESTOR_9005=9021:1265310617:3430228736
TERM=dumb
CONDOR_PARENT_ID=mrg27:9005:1265310617
CONDOR_PROCD_ADDRESS_BASE=/var/run/condor/procd_pipe
_CONDOR_ANCESTOR_32093=1901:1264164341:128034522
PATH=/sbin:/usr/sbin:/bin:/usr/bin
PWD=/var/lib/condor/execute/dir_9005
LANG=en_US.UTF-8
_CONDOR_EXECUTE=/var/lib/condor/execute
SHLVL=3
CONDOR_INHERIT=9005 <10.16.44.232:50042> 0 0
_CONDOR_ANCESTOR_1901=9005:1265310617:3186829336
CONDOR_PROCD_ADDRESS=/var/run/condor/procd_pipe.STARTD
_=/bin/env
/var/lib/condor/execute/dir_9005:
total 16
drwxr-xr-x 2 gridmonkey gridmonkey 4096 Feb  4 14:10 .
drwxr-xr-x 3 condor     condor     4096 Feb  4 14:10 ..


Expected results:

Expect the output of id to match the owner of $PWD
Comment 1 Erik Erlandson 2010-04-08 18:53:07 EDT
Candidate fix on branch: V7_4-BZ561955-prepare-hook-uid
Comment 2 Erik Erlandson 2010-04-08 18:54:41 EDT
Bug does *not* replicate when running as root w/ privsep configured.  Need to be running as root, without privsep.
Comment 3 Erik Erlandson 2010-04-30 16:03:45 EDT
Merged to grid master as of 7.4.3-0.11
Comment 4 Luigi Toscano 2010-06-25 11:37:36 EDT
PREPARE hook runs with the privileges of job submitter.

Verified on RHEL4.8/5.5, i386/x86_64.

condor-7.4.3-0.21
Comment 5 Florian Nadge 2010-10-07 09:43:01 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, the prepare hook was not invoked with the proper privileges to access the job's execute directory. With this update, the output of id matches the owner of $PWD and the issue is resolved.
Comment 7 errata-xmlrpc 2010-10-14 12:06:42 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0773.html
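
A guard a prepare hook can run before staging files, enforcing the expected result from this report (the hook's uid matches the owner of $PWD). This is an added example, not part of the bug report or of Condor. The function names, the use of _CONDOR_EXECUTE (visible in the environment dump above) as the signal that the starter invoked the script, and the reliance on GNU stat are assumptions.

```sh
#!/bin/sh
# Added example (not from the bug report): refuse to stage files unless the
# hook runs as the owner of the job's execute directory.

# Print the numeric uid that owns a path. Assumes GNU stat, as on RHEL.
owner_uid() {
    stat -c %u "$1" 2>/dev/null
}

# check_hook_identity DIR [UID]
#   0: UID (default: effective uid of this process) owns DIR and can write to it
#   1: DIR is owned by a different uid (the condition reported in this bug)
#   2: DIR does not exist or cannot be inspected
#   3: owner matches but DIR is not writable, so staging would still fail
# The UID argument is hypothetical and exists so the check can be exercised
# without switching users.
check_hook_identity() {
    chi_dir=$1
    chi_uid=${2:-$(id -u)}
    if [ ! -d "$chi_dir" ]; then
        echo "prepare hook: no execute directory at $chi_dir" >&2
        return 2
    fi
    chi_owner=$(owner_uid "$chi_dir") || return 2
    if [ "$chi_owner" != "$chi_uid" ]; then
        echo "prepare hook: uid $chi_uid does not own $chi_dir (owner uid $chi_owner)" >&2
        return 1
    fi
    if [ ! -w "$chi_dir" ]; then
        echo "prepare hook: $chi_dir is not writable" >&2
        return 3
    fi
    return 0
}

# Run the guard only when the starter invoked this script; the environment
# dump in this report shows _CONDOR_EXECUTE set for hook processes.
if [ -n "${_CONDOR_EXECUTE:-}" ]; then
    # Fail closed: exit non-zero instead of staging files with the wrong identity.
    check_hook_identity "$PWD" || exit 1
    # File staging for the job would go here.
fi
```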
