[GE users] Application Server Submitting on Behalf of a User

Olesen, Mark Mark.Olesen at arvinmeritor.com
Mon Jun 19 14:10:13 BST 2006



Hi Chris,

I only have a very ugly workaround (may or may not meet your security
needs).

The application gets called thru a wrapper that invokes itself via 'sudo'.
The final submission to the GridEngine then occurs as the submitting user.

I've gutted one of my scripts to give you an idea - it thus may not work
straight out of the box.

/mark


#!/bin/sh
# sge starter for XXX -
# requires corresponding entry for executing '$0' in /etc/sudoers
# eg,
# ---------------
# User_Alias      SGE= cfdadmin
# Runas_Alias     GTP= %cfd
# Cmnd_Alias      GTEXEC= /opt/n1ge6/default/site/gtexecd
# SGE             ALL= (GTP) NOPASSWD: GTEXEC
#
# ---------------------------------------------------------------------------

# <gridengine>
# =======================
# standard start options, intercept KILL
#$ -S /bin/sh -cwd -j y -notify
#
# request specific queues and resources
# =======================
# </gridengine>

# <settings>
# ---------------------------------------------------------------------------
: ${SGE_ROOT:=/opt/n1ge6}
: ${SGE_CELL:=default}

# job information provided by submitting application (in job.info):
#	USERNAME

unset USERNAME			# avoid any possible problems

# './job.info': without a slash, '.' looks the name up via PATH in a POSIX sh
for i in "$SGE_ROOT/$SGE_CELL/site/environ" ./job.info
do [ -f "$i" ] && . "$i"; done

# </settings>
# ---------------------------------------------------------------------------

#
# first pass
#
if [ -z "$JOB_ID" ]; then
   if [ "$1" = "-nosudo" ]; then	# trap previous sudo
      shift
   elif [ -n "$USERNAME" -a "$USERNAME" != "$USER" ]; then
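      # no 'exec': the exit code check below must be reachable, and this
      # pass must end here so the job is not submitted a second time
      sudo -S -u "$USERNAME" "$0" -nosudo "$@"
      exitcode=$?	# retain exitcode

      [ "$exitcode" = 0 ] || {
        echo "could not change to $USERNAME"
        exit $exitcode
      }
      exit 0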
   fi

   # drop thru for normal usage
cat<<PRINT
----------------------------------------------------------------------
DATE=[`date +'%Y-%m-%dT%H:%M:%S'`]
SCRIPT=$0
PWD=$PWD
CMD=$@

USER=$USER
USERNAME=$USERNAME
----------------------------------------------------------------------
PRINT

   info=`"$SGE_BINARY_PATH/qsub" "$0" "$@" 2>&1`
   exitcode=$?

   [ "$exitcode" = 0 ] || {
     echo "Error submitting job"
     exit $exitcode
   }

   # parse qsub output:
   #  Your job 18023 ("foo") has been submitted.
   # fix this when the proposed '-batch' option comes

   # Record the job ID for use by kill scripts

   exit $exitcode
else
  # ===========================================================================
  # entry point for qsub job - dispatch the problem
  #
  echo "(II) job_id  $JOB_ID"
  echo "(II) queue   ${QUEUE:-NULL}"
  echo "(II) host    ${HOSTNAME:-NULL}"

  # with '-notify' we receive
  #   STOP => USR1 (suspend)
  #   KILL => USR2 (kill)
  #
  ###  trap 'stop_aux' USR1 USR2 EXIT

  "$@"

  echo "(--) done"
fi

exit 0
# ------------------------------------------------------------ end-of-file
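
The wrapper above takes USERNAME from a job.info file that it sources, so whatever writes that file chooses both the sudo target and any shell code that runs in the first pass. The following is an added example, not part of the original post or script: it reads USERNAME as data and checks it before it reaches 'sudo -u'. The function names are hypothetical, and it assumes job.info holds plain unquoted KEY=value lines, that account names are lowercase ASCII, and that the run-as group is the 'cfd' group from the sudoers comment.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes job.info holds plain, unquoted KEY=value lines and that account
# names are lowercase ASCII.

# read_job_user FILE
# Print the USERNAME value from FILE without executing anything in it.
# Fails if the file is missing, USERNAME is absent or repeated, or the
# value is not a plain non-root account name.
read_job_user() (
    # subshell body: the locale change and 'exit' stay local to this call
    LC_ALL=C; export LC_ALL          # keep the a-z range ASCII-only
    [ -f "$1" ] || exit 1
    name=$(sed -n 's/^USERNAME=//p' "$1")
    case $name in
        # empty, option-like, root, or any character outside [a-z0-9_-];
        # a repeated USERNAME line yields a newline and is rejected here too
        ''|-*|root|*[!a-z0-9_-]*) exit 1 ;;
    esac
    printf '%s\n' "$name"
)

# may_run_as NAME GROUP
# Succeed only if NAME is an existing account that belongs to GROUP
# (the wrapper's sudoers entry limits the run-as target to %cfd).
may_run_as() {
    _groups=$(id -Gn "$1" 2>/dev/null) || return 1
    for _g in $_groups; do
        if [ "$_g" = "$2" ]; then return 0; fi
    done
    return 1
}

# In the wrapper this would replace sourcing job.info:
#   USERNAME=$(read_job_user ./job.info) && may_run_as "$USERNAME" cfd || {
#       echo "refusing job.info USERNAME"; exit 1; }
```

The sudoers rule still decides who may become whom; these checks only keep malformed or unexpected values in job.info from reaching the sudo command line.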
