Joshua Bernstein wrote:
> On May 29, 2008, at 3:10 PM, Prakash Velayutham wrote:
>> Hi All,
>>
>> This is not a Torque or Maui question, but I am very positive that
>> some of the bright guys here have this already set up in some form or
>> the other.
>>
>> We have a PHP-based web application which has a compute portion which
>> we want to ship out to our compute cluster. Also, the PHP application
>> is secure, meaning, only authenticated users can submit jobs.
>>
>> My question is, how can I make the submitted jobs run as the logged in
>> user and not the generic Apache user (wwwrun or www or somebody else
>> based on the distro)?
>
> It should be fairly straightforward to have the PHP/Apache application
> construct a job script. When the PHP script goes to qsub the script,
> instead of just doing a system("qsub..."), you should perhaps fork() and
> then setuid() to the username of user running the job. TORQUE would
> therefore see the job being submitted as the user rather than the
> www-data, or whatever user the web server is running as. I could see an
> issue though where the web user might not be able to setuid() to another
> user. I'd hesitate to run the web server with setuid privileges... Hmmm,
> it is a start though.

I solved a similar problem by implementing a little daemon process which
runs as root (and so can su to whatever user you wish) and monitors a
spool directory to which the unprivileged user (such as wwwrun) has
write access. The unprivileged user's process writes a request file and
notifies the daemon (by making a connection to a TCP socket, another IPC
mechanism could be used, too).

You could also add wwwrun to sudoers, but that would be less secure.

Regards,
Jan Ploski
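
The root-daemon approach described above, as an added example that is not code from anyone in this thread: the privileged side validates the request file, refuses system accounts, and only then runs qsub as the target user. The request format, `MIN_UID`, the qsub path and all function names are assumptions, and qsub is assumed to read the job script from standard input.

```python
import os, pwd, re, stat, subprocess

MIN_UID = 1000  # assumption: regular (non-system) accounts start here
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def parse_request(text):
    """Parse the assumed request format: 'user=<name>' and 'script=<file>' lines."""
    fields = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
    user, script = fields.get("user", ""), fields.get("script", "")
    if not USER_RE.fullmatch(user):
        raise ValueError("bad user name")
    # Only a bare file name inside the spool directory is accepted.
    if script in ("", ".", "..") or os.path.basename(script) != script:
        raise ValueError("script must be a bare file name")
    return user, script

def resolve_user(user, getpwnam=pwd.getpwnam):
    """Look the account up and refuse root and other system accounts."""
    try:
        pw = getpwnam(user)
    except KeyError:
        raise ValueError("unknown user") from None
    if pw.pw_uid < MIN_UID:
        raise ValueError("refusing system account")
    return pw

def open_script(spool, script):
    """Open the job script without following a symlink planted in the spool."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    fd = os.open(os.path.join(spool, script), flags)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise ValueError("not a regular file")
    return fd

def submit_as(pw, script_fd, qsub="/usr/bin/qsub"):  # qsub path is an assumption
    """Run qsub as the target user (needs root, Python 3.9+); script on stdin."""
    env = {"PATH": "/usr/bin:/bin", "HOME": pw.pw_dir,
           "USER": pw.pw_name, "LOGNAME": pw.pw_name}
    return subprocess.run(
        [qsub], stdin=script_fd, env=env, cwd=pw.pw_dir, check=True,
        user=pw.pw_uid, group=pw.pw_gid,  # child drops group, then user
        extra_groups=os.getgrouplist(pw.pw_name, pw.pw_gid))
```

The daemon still trusts whatever wrote the request file to have authenticated the user, so the spool directory should be writable only by the web server account.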