[MediaWiki-commits] [Gerrit] Make job output files private by default. - change (labs/toollabs)

Sun, 09 Jun 2013 17:48:23 -0700 

Tim Landscheidt has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/67644


Change subject: Make job output files private by default.
......................................................................

Make job output files private by default.

Job output files are created by SGE with permissions 644 by default.
There has been concern that these files may contain passwords in stack
traces.

With this change, if job output files do not exist, they are
pre-created with permissions 600 for user accounts and 660 for tool
accounts.  SGE will just append to these files and not change the
permissions.

To fine-tune, users may supply the option "-umask UMASK" which will
override the default umask.  UMASK is interpreted as octal,
i. e. "-umask 022" does what one would expect.

This fixes bug #48818.

Bug: 48818
Change-Id: I94a2bd4af699d2d0c19cc429a56b932381510cf9
---
M packages/jobutils/usr/local/bin/jsub
M packages/jobutils/usr/share/man/man1/jstart.1
M packages/jobutils/usr/share/man/man1/jsub.1
3 files changed, 35 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/labs/toollabs 
refs/changes/44/67644/1

diff --git a/packages/jobutils/usr/local/bin/jsub 
b/packages/jobutils/usr/local/bin/jsub
index 78f34fd..d10b896 100755
--- a/packages/jobutils/usr/local/bin/jsub
+++ b/packages/jobutils/usr/local/bin/jsub
@@ -11,6 +11,7 @@
        '-l' => 1, '-now' => 1, '-N' => 1, '-o' => 1, '-p' => 1, '-q' => 1, 
'-soft' => 0,
        '-sync' => 1, '-v' => 1, '-wd' => 1,
        '-mem' => 1, '-once' => 0, '-stderr' => 0, '-continuous' => 0, '-quiet' 
=> 0,
+       '-umask' => 1,
 );
 my %qsargs;
 my @args;
@@ -37,6 +38,10 @@
 
   return $amount;
 }
+
+# Set default umask for output files depending on whether we're called
+# by a user or a tool.
+my $umask = $> >= 50000 ? 0007 : 0077;
 
 $continuous = $once = 1 if ($script eq 'jstart');
 $once = 1 if $script eq 'qcronsub';
@@ -69,6 +74,7 @@
                    if invoked as 'jstart' or 'qcronsub').
  -continuous       Start a self-restarting job on the continuous
                    queue (default if invoked as 'jstart')
+ -umask <value>    Set umask for output files if they don't exist
  -quiet            If successful, don't output anything
 
 Unlike qsub, if you do not specify output and error files, output is appended
@@ -130,6 +136,10 @@
   } elsif($opt eq '-continuous') {
     $continuous = 1;
     $once = 1;
+  } elsif($opt eq '-umask') {
+    die ("$script: umask must be an octal value: $optval\n")
+      unless ($optval =~ /^[0-7]+$/);
+    $umask = oct ($optval);
   } elsif($opt eq '-quiet') {
     $quiet = 1;
   } else {
@@ -163,7 +173,29 @@
 $out = $qsargs{'-o'} if defined $qsargs{'-o'};
 $err = $out if defined $qsargs{'-j'} and $qsargs{'-j'} =~ m/^[yY]/;
 
-open STDERR, ">>$err" unless $stderr;
+# For STDOUT and STDERR we do the same dance:
+# - If the output file exists, we do nothing (the output file being a
+#   directory is a subset of this).
+# - Otherwise, we touch the output file once with the set umask or --
+#   for the error output file and if -stderr was not given -- redirect
+#   STDERR to the file with the set umask.
+my $oldumask = umask ($umask);
+if (!-e $out) {
+  open (my $tempfh, '>>', $out) or
+    die ("Couldn't touch '$out': $!");
+  close ($tempfh);
+}
+if (!-d $err) {
+  if ($stderr) {
+    open (my $tempfh, '>>', $err) or
+      die ("Couldn't touch '$err': $!");
+    close ($tempfh);
+  } else {
+    open (STDERR, '>>', $err) or
+      die ("Couldn't redirect STDERR to '$err': $!");
+  }
+}
+umask ($oldumask);
 
 my $now = localtime;
 
diff --git a/packages/jobutils/usr/share/man/man1/jstart.1 
b/packages/jobutils/usr/share/man/man1/jstart.1
index 25fb4f6..8fb4d2a 100644
--- a/packages/jobutils/usr/share/man/man1/jstart.1
+++ b/packages/jobutils/usr/share/man/man1/jstart.1
@@ -16,6 +16,7 @@
                    invoked as 'jstart').
  \-continuous       Start a self-restarting job on the continuous
                    queue (default if invoked as 'jstart')
+ \-umask <value>    Set umask for output files if they don't exist
  \-quiet            Suppress output if job could be submitted.
 
 Unlike qsub, if you do not specify output and error files, output is appended
diff --git a/packages/jobutils/usr/share/man/man1/jsub.1 
b/packages/jobutils/usr/share/man/man1/jsub.1
index 0c747e4..03e5215 100644
--- a/packages/jobutils/usr/share/man/man1/jsub.1
+++ b/packages/jobutils/usr/share/man/man1/jsub.1
@@ -16,6 +16,7 @@
                    invoked as 'jstart').
  \-continuous       Start a self-restarting job on the continuous
                    queue (default if invoked as 'jstart')
+ \-umask <value>    Set umask for output files if they don't exist
  \-quiet            Suppress output if job could be submitted.
 
 Unlike qsub, if you do not specify output and error files, output is appended

-- 
To view, visit https://gerrit.wikimedia.org/r/67644
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I94a2bd4af699d2d0c19cc429a56b932381510cf9
Gerrit-PatchSet: 1
Gerrit-Project: labs/toollabs
Gerrit-Branch: master
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to