On Fri, Apr 03, 2020 at 02:54:19AM +0000, Shiel, Adam wrote: > I finally had a chance to experiment with this some. > > I think one basic problem was that I had bash as a login shell. Removing bash > from the login shell and specifying "qsub -S /bin/bash ...." passed my local > PATH to the remote job. > > But when I don't specify "-S /bin/bash" I get the csh login PATH settings. > That's our default shell for the queue I'm using. > > This happens even when csh isn't in the login shell list. I find that > unexpected. > Shells read some initialisation files even when not invoked as a login shell. From the man page for csh (which is really tcsh) on one of our clusters:
Non-login shells read only /etc/csh.cshrc and ~/.tcshrc or ~/.cshrc on startup. So if the PATH is configured in one of those places then it will override/modify whatever you pass in with -V or -v William > Adam > > -----Original Message----- > From: users-boun...@gridengine.org [mailto:users-boun...@gridengine.org] On > Behalf Of Hay, William > Sent: Wednesday, January 22, 2020 9:55 AM > To: Skylar Thompson <skyl...@uw.edu> > Cc: users@gridengine.org > Subject: Re: [gridengine users] qsub -V doesn't set $PATH > > On Tue, Jan 21, 2020 at 03:51:01PM +0000, Skylar Thompson wrote: > > -V strips out PATH and LD_LIBRARY_PATH for security reasons, since > > prolog > > I don't think this is the case. I've just experimented with one of our 8.1.9 > clusters and I can set arbitrary PATHs run qsub -V and have the value I set > show up in the environment of the job. More likely the job is being run with > a shell that is configured as a login shell and the init scripts for the > shell are stomping on the value of PATH. > > > and epilog scripts run with the submission environment but possibly in > > the context of a different user (i.e. a user could point a > > root-running prolog script at compromised binaries or C library). > > This is something slightly different. The prolog and epilog used to run with > the exact same environment as the job. This opened up an attack vector , > especially if the prolog or epilog were run as a privileged user rather than > the job owner. The environment in which the prolog and eiplog are run is now > sanitised. > > William > > _______________________________________________ > users mailing list > users@gridengine.org > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgridengine.org%2Fmailman%2Flistinfo%2Fusers&data=02%7C01%7C%7C7879f009a4364b7a184208d7d77e3daf%7C1faf88fea9984c5b93c9210a11d9a5c2%7C0%7C0%7C637214809518540272&sdata=YdzYQvg%2F%2BME0MEMzljKo%2BE7e13VWwJrb9PCpEIG2uQ0%3D&reserved=0
signature.asc
Description: PGP signature
_______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users