Bug 2655 - GRAM JobManager fails to function when server is run with restrictive umask
: GRAM JobManager fails to function when server is run with restrictive umask
Status: RESOLVED FIXED
: GRAM
wsrf managed execution job service
: 3.9.3
: PC Linux
: P3 minor
: ---
Assigned To:
:
:
:
: 2905
  Show dependency treegraph
 
Reported: 2005-01-28 05:47 by
Modified: 2005-03-14 12:24 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-01-28 05:47:20
Scenario:
 * GT 3.9.3 server running as a 'globus' user, providing GRAM services.
 * Authorised client that is mapped to a local 'client' account.

The GRAM server, during the setup for a job, writes a description file
/tmp/gram_job_mgrNNNNN as the 'globus' user.  This file is then read by a
process running as the 'client' user, which then parses it and follows the
instructions contained within.  

However, the GT server does not alter the permissions on this temporary file
after it has created it; thus, if the server is running under a sufficiently
restrictive umask the 'client' user will be unable to read the contents and the
job execution will fail with a generic "The job manager detected an invalid
script response" error.

One workaround for this problem is to run the server process with a more
permissive umask.

Ideally, the Globus server should be modified to either:
 - explicitly update the permissions on the temporary file after it has been
written, or 
 - throw a warning when started under a too-restrictive umask and give a more
specific error on job failure.

The former is obviously preferable.

FYI, the relevant bundle appears to be "globus_wsrf_gram_service_java-src" and
the call to create the temporary file can be found in the constructor of
src/org/globus/exec/service/job/jobmanager/JobManagerScript.java on line 101:

      this.descriptionFile = File.createTempFile("gram_job_mgr", null);

Cheers,
David
------- Comment #1 From 2005-03-14 12:24:07 -------
Fix in trunk.  The fix simply sets 644 permissions on the temp file.