Bug 739205 - Aviary getJobData method requires different permissions than FetchJobData in QMF
Summary: Aviary getJobData method requires different permissions than FetchJobData in QMF
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: condor-aviary
Version: Development
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: 2.1
: ---
Assignee: Pete MacKinnon
QA Contact: Lubos Trilety
URL:
Whiteboard:
Depends On:
Blocks: 743350
TreeView+ depends on / blocked
 
Reported: 2011-09-16 19:18 UTC by Trevor McKay
Modified: 2012-01-23 17:29 UTC (History)
4 users (show)

Fixed In Version: condor-7.6.4-0.6
Doc Type: Bug Fix
Doc Text:
When attempting to retrieve the contents of a file using the Aviary getJobData() function, a permission error occurred and the user was unable to finish the operation through the Aviary API even though it was possible to do via QMF (Qpid Management Framework). With this update, the getJobData() code has been modified to adjust file permissions earlier, and users can now retrieve files both through QMF and Aviary interfaces.
Clone Of:
Environment:
Last Closed: 2012-01-23 17:29:21 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2012:0045 normal SHIPPED_LIVE Red Hat Enterprise MRG Grid 2.1 bug fix and enhancement update 2012-01-23 22:22:58 UTC

Description Trevor McKay 2011-09-16 19:18:47 UTC
Description of problem:

The Aviary getJobData method seems to require group execute permission on directories in order for it to return data.  Otherwise, it returns permission denied errors.

In contrast, the corresponding QMF method will work with permissions restricted to the owner.

Version-Release number of selected component (if applicable):


How reproducible:

100%

Steps to Reproduce:
1. Submit a job with output, error, and log paths (I set output, error, and log paths with full paths)
2. Restrict directory permissions to owner 
3. Try get file data through Aviary getJobData calls (I used cumin), it should fail
4. Set group execute permission on the directory
5.  Get data again, it should succeed this time.

Repeat using QMF, operation should succeed with restricted permissions.

Actual results:

as above  

Expected results:

Aviary should show the same behavior as QMF.

Additional info:

From operations on a job "sheep" on a VM with output, error, and log set accordingly.

# ls -ltrd /home/tmckay/
drwx------ 24 tmckay tmckay 4096 Sep 16 14:29 /home/tmckay/
# ls -ltrd /home/tmckay/sheep.*
-rw------- 1 tmckay tmckay   0 Sep 16 14:29 /home/tmckay/sheep.output
-rw------- 1 tmckay tmckay   0 Sep 16 14:29 /home/tmckay/sheep.error
-rw------- 1 tmckay tmckay 153 Sep 16 14:34 /home/tmckay/sheep.log

Operations throgh Cumin with QMF succeed.

Stop Cumin, restart using Aviary, same ops fail with errno 13.

# chmod g+x /home/tmckay

Now Operations succeed.

Comment 2 Pete MacKinnon 2011-10-04 20:52:42 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
Fix: Code modified to adjust file permissions earlier in getJobData implementation.
Result: User can retrieve file through QMF and Aviary interface.

Comment 3 Jeff Needle 2011-10-31 21:21:41 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1 @@
-Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
+Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
Fix: Code modified to adjust file permissions earlier in getJobData implementation.
Result: User can retrieve file through QMF and Aviary interface.-Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
-Fix: Code modified to adjust file permissions earlier in getJobData implementation.
-Result: User can retrieve file through QMF and Aviary interface.

Comment 5 Lubos Trilety 2011-11-01 09:50:38 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,4 @@
-Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
Fix: Code modified to adjust file permissions earlier in getJobData implementation.
Result: User can retrieve file through QMF and Aviary interface.+Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
+Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
+Fix: Code modified to adjust file permissions earlier in getJobData implementation.
+Result: User can retrieve file through QMF and Aviary interface.

Comment 6 Lubos Trilety 2011-11-01 16:32:48 UTC
Successfully reproduced with:
$CondorVersion: 7.6.3 Jul 27 2011 BuildID: RH-7.6.3-0.3.el5 $
$CondorPlatform: X86_64-RedHat_5.6 $

Not accessible using aviary if there is no group execute permission.

Comment 7 Lubos Trilety 2011-11-02 10:37:30 UTC
Tested on:
$CondorVersion: 7.6.5 Oct 31 2011 BuildID: RH-7.6.5-0.5.el5 $
$CondorPlatform: I686-RedHat_5.7 $

$CondorVersion: 7.6.5 Oct 31 2011 BuildID: RH-7.6.5-0.5.el5 $
$CondorPlatform: X86_64-RedHat_5.7 $

$CondorVersion: 7.6.5 Oct 31 2011 BuildID: RH-7.6.5-0.5.el6 $
$CondorPlatform: I686-RedHat_6.1 $

$CondorVersion: 7.6.5 Oct 31 2011 BuildID: RH-7.6.5-0.5.el6 $
$CondorPlatform: X86_64-RedHat_6.1 $

Files are accessible using aviary without group execute permission on directory.

>>> VERIFIED

Comment 9 Tomas Capek 2011-11-16 14:20:28 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1 @@
-Cause: Permission error when attempting to retrieve the contents of a file using Aviary getJobData operation. 
+When attempting to retrieve the contents of a file using the Aviary getJobData() function, a permission error occurred and the user was unable to finish the operation through the Aviary API even though it was possible to do via QMF (Qpid Management Framework). With this update, the getJobData() code has been modified to adjust file permissions earlier, and users can now retrieve files both through QMF and Aviary interfaces.-Consequence: User is unable to retrieve file through Aviary API whereby similar QMF version works.
-Fix: Code modified to adjust file permissions earlier in getJobData implementation.
-Result: User can retrieve file through QMF and Aviary interface.

Comment 10 errata-xmlrpc 2012-01-23 17:29:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0045.html


Note You need to log in before you can comment on or make changes to this bug.