[Mauiusers] Re: [torqueusers] Apache/PHP based job submission portal

Jan Ploski Jan.Ploski at offis.de
Thu May 29 16:30:09 MDT 2008


Joshua Bernstein wrote:
> 
> On May 29, 2008, at 3:10 PM, Prakash Velayutham wrote:
> 
>> Hi All,
>>
>> This is not a Torque or Maui question, but I am very positive that 
>> some of the bright guys here have this already setup in some form or 
>> the other.
>>
>> We have a PHP-based web application which has a compute portion which 
>> we want to ship out to our compute cluster. Also, the PHP application 
>> is secure, meaning, only authenticated users can submit jobs.
>>
>> My question is, how can I make the submitted jobs run as the logged in 
>> user and not the generic Apache user (wwwrun or www or somebody else 
>> based on the distro)?
> 
> It should be fairly straight forward to have the PHP/Apache application 
> construct a job script. When the PHP scripts goes to qsub the script, 
> instead of just doing a system("qsub..."), You should perhaps fork() and 
> then setuid() to the username of user running the job. TORQUE would 
> therefore see the job being submitted as the user rather then the 
> www-data, or whatever user the web server is running as. I could see an 
> issue though where the web user might not be able to setuid() to another 
> user. I'd hesitate to run the web server with setuid privileges... Hmmm, 
> it is a start though.

I solved a similar problem by implementing a little daemon process which 
runs as root (and so can su to whatever user you wish) and monitors a 
spool directory to which the unprivileged user (such as wwwrun) has 
write access. The unprivileged user's process writes a request file and 
notifies the daemon (by making a connection to a TCP socket, another IPC 
mechanism could be used, too).

You could also add wwwrun to sudoers, but that would be less secure.

Regards,
Jan Ploski


More information about the mauiusers mailing list