Bugzilla – Bug 2655
GRAM JobManager fails to function when server is run with restrictive umask
Last modified: 2005-03-14 12:24:07
You need to
before you can comment on or make changes to this bug.
* GT 3.9.3 server running as a 'globus' user, providing GRAM services.
* Authorised client that is mapped to a local 'client' account.
The GRAM server, during the setup for a job, writes a description file
/tmp/gram_job_mgrNNNNN as the 'globus' user. This file is then read by a
process running as the 'client' user, which then parses it and follows the
instructions contained within.
However, the GT server does not alter the permissions on this temporary file
after it has created it; thus, if the server is running under a sufficiently
restrictive umask the 'client' user will be unable to read the contents and the
job execution will fail with a generic "The job manager detected an invalid
script response" error.
One workaround for this problem is to run the server process with a more
Ideally, the Globus server should be modified to either:
- explicitly update the permissions on the temporary file after it has been
- throw a warning when started under a too-restrictive umask and give a more
specific error on job failure.
The former is obviously preferable.
FYI, the relevant bundle appears to be "globus_wsrf_gram_service_java-src" and
the call to create the temporary file can be found in the constructor of
src/org/globus/exec/service/job/jobmanager/JobManagerScript.java on line 101:
this.descriptionFile = File.createTempFile("gram_job_mgr", null);
Fix in trunk. The fix simply sets 644 permissions on the temp file.