[torqueusers] stdout, stderr permissions after sys_copy
Jeffrey B. Reed
jeff.reed at intrinsity.com
Thu Dec 15 08:32:42 MST 2005
Our flow requires that a project group has read access of the output of jobs.
Currently these files are copied with the mode 0600. The issue as I see it is:
If you are using NFS and have the appropriate $usecp set, sys_copy will use for
example:
/bin/cp -r TORQUE_SPOOL/spool/45.server.m.OU /nfs/location/output-file
If the destination file does not exist, /bin/cp will use the same mode as the
source file. In this case 0600. This mode is forced most likely due to the
fact that there is no guarantee that the output will be delivered and it would
be a security risk to have it set any other way. I experimented a little and
the only solutions I came up with are:
1: Ignore security issues
Discover the submitter's umask and set that umask in start_exec.c
2: Use an alternate local copy command
Discover submitter's umask and use that corresponding mode to call a copy like
application that supports modes. For example: /usr/bin/install --mode=<mode>
I assume this is not a issue with pbs_rcp or scp, because a proper login occurs
on the remote node prior to the copy.
Does anyone have any thoughts on this issue?
Jeff
--
Jeffrey B. Reed
jbreed at intrinsity.com
512-421-2219
More information about the torqueusers
mailing list