[torqueusers] Apache/PHP based job submission portal
Prakash.Velayutham at cchmc.org
Fri May 30 05:33:27 MDT 2008
Thanks for all your responses.
I think the solution Jan suggested would be nice to implement and
least exploitable. Please correct me if I am wrong.
Do you have a skeleton code that you would be willing to provide? Is
On May 29, 2008, at 6:30 PM, Jan Ploski wrote:
> Joshua Bernstein wrote:
>> On May 29, 2008, at 3:10 PM, Prakash Velayutham wrote:
>>> Hi All,
>>> This is not a Torque or Maui question, but I am very positive that
>>> some of the bright guys here have this already setup in some form
>>> or the other.
>>> We have a PHP-based web application which has a compute portion
>>> which we want to ship out to our compute cluster. Also, the PHP
>>> application is secure, meaning, only authenticated users can
>>> submit jobs.
>>> My question is, how can I make the submitted jobs run as the
>>> logged in user and not the generic Apache user (wwwrun or www or
>>> somebody else based on the distro)?
>> It should be fairly straight forward to have the PHP/Apache
>> application construct a job script. When the PHP scripts goes to
>> qsub the script, instead of just doing a system("qsub..."), You
>> should perhaps fork() and then setuid() to the username of user
>> running the job. TORQUE would therefore see the job being submitted
>> as the user rather then the www-data, or whatever user the web
>> server is running as. I could see an issue though where the web
>> user might not be able to setuid() to another user. I'd hesitate to
>> run the web server with setuid privileges... Hmmm, it is a start
> I solved a similar problem by implementing a little daemon process
> which runs as root (and so can su to whatever user you wish) and
> monitors a spool directory to which the unprivileged user (such as
> wwwrun) has write access. The unprivileged user's process writes a
> request file and notifies the daemon (by making a connection to a
> TCP socket, another IPC mechanism could be used, too).
> You could also add wwwrun to sudoers, but that would be less secure.
> Jan Ploski
> torqueusers mailing list
> torqueusers at supercluster.org
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
More information about the torqueusers