Re: [galaxy-dev] submitting jobs as the real user
No, that's not it. The galaxy user, as well as all other users, have umask 022 by default. I believe the problem is with Apache uploading. I can't figure out how to reconfigure Apache to set the permissions they way I want them. David On Oct 2, 2012, at 1:17 PM, Oleksandr Moskalenko wrote:
Hi David,
I wonder if the user's umask is the problem.
I set the galaxy user's umask to 022 and our default umask on the cluster is 0022 for all users.
On Oct 2, 2012, at 12:55 PM, David Hoover <hooverdm@helix.nih.gov> wrote:
I'm playing with the "submitting jobs as the real user" method, and immediately ran into a problem. Uploaded files are created in mode 600, owned by the user. Galaxy then gives an error that the tmp file is not readable:
IOError: [Errno 13] Permission denied: '/spin1/users/galaxy/galaxy2/database/tmp/tmp3KHIDt'
Is there any way of changing the permissions on the temporary uploaded file to 666?
David Hoover Helix Systems Staff ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
Found a fix. The external_chown_script.py script forcibly changes the permissions on the file to be world-readable. diff external_chown_script.py external_chown_script.py.ORIG 33d32 < os.system('chmod -R a+r %s' %(path)) Please let me know if this is a bad change or if there is a better change. David Begin forwarded message:
From: David Hoover <hooverdm@helix.nih.gov> Date: October 2, 2012 1:21:02 PM EDT To: Oleksandr Moskalenko <om@hpc.ufl.edu> Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] submitting jobs as the real user
No, that's not it. The galaxy user, as well as all other users, have umask 022 by default.
I believe the problem is with Apache uploading. I can't figure out how to reconfigure Apache to set the permissions they way I want them.
David
On Oct 2, 2012, at 1:17 PM, Oleksandr Moskalenko wrote:
Hi David,
I wonder if the user's umask is the problem.
I set the galaxy user's umask to 022 and our default umask on the cluster is 0022 for all users.
On Oct 2, 2012, at 12:55 PM, David Hoover <hooverdm@helix.nih.gov> wrote:
I'm playing with the "submitting jobs as the real user" method, and immediately ran into a problem. Uploaded files are created in mode 600, owned by the user. Galaxy then gives an error that the tmp file is not readable:
IOError: [Errno 13] Permission denied: '/spin1/users/galaxy/galaxy2/database/tmp/tmp3KHIDt'
Is there any way of changing the permissions on the temporary uploaded file to 666?
David Hoover Helix Systems Staff ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
On Oct 2, 2012, at 1:39 PM, David Hoover wrote:
Found a fix. The external_chown_script.py script forcibly changes the permissions on the file to be world-readable.
diff external_chown_script.py external_chown_script.py.ORIG 33d32 < os.system('chmod -R a+r %s' %(path))
Please let me know if this is a bad change or if there is a better change.
Hi David, This script is used multiple times, so you might want to make sure that this change won't cause files to become readable that you would prefer remain unreadable. Since you mention Apache uploading, what are you using for Apache to handle the uploads? --nate
David
Begin forwarded message:
From: David Hoover <hooverdm@helix.nih.gov> Date: October 2, 2012 1:21:02 PM EDT To: Oleksandr Moskalenko <om@hpc.ufl.edu> Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] submitting jobs as the real user
No, that's not it. The galaxy user, as well as all other users, have umask 022 by default.
I believe the problem is with Apache uploading. I can't figure out how to reconfigure Apache to set the permissions they way I want them.
David
On Oct 2, 2012, at 1:17 PM, Oleksandr Moskalenko wrote:
Hi David,
I wonder if the user's umask is the problem.
I set the galaxy user's umask to 022 and our default umask on the cluster is 0022 for all users.
On Oct 2, 2012, at 12:55 PM, David Hoover <hooverdm@helix.nih.gov> wrote:
I'm playing with the "submitting jobs as the real user" method, and immediately ran into a problem. Uploaded files are created in mode 600, owned by the user. Galaxy then gives an error that the tmp file is not readable:
IOError: [Errno 13] Permission denied: '/spin1/users/galaxy/galaxy2/database/tmp/tmp3KHIDt'
Is there any way of changing the permissions on the temporary uploaded file to 666?
David Hoover Helix Systems Staff ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
This script is used multiple times, so you might want to make sure that this change won't cause files to become readable that you would prefer remain unreadable.
From the log output, it looks like files are chmod'd to the user, then later back to the Galaxy user. Is there somewhere else that isn't logged?
Since you mention Apache uploading, what are you using for Apache to handle the uploads?
I don't know, whatever the default mechanism. I'm not using nginx. David
On Oct 3, 2012, at 10:06 AM, David Hoover wrote:
This script is used multiple times, so you might want to make sure that this change won't cause files to become readable that you would prefer remain unreadable.
From the log output, it looks like files are chmod'd to the user, then later back to the Galaxy user. Is there somewhere else that isn't logged?
Hi David, It chowns the entire working directory, I double checked and I don't see anywhere else it runs. But after looking at the code again, I'm surprised this fix works since it shouldn't touch anything in new_file_path.
Since you mention Apache uploading, what are you using for Apache to handle the uploads?
I don't know, whatever the default mechanism. I'm not using nginx.
This would just upload straight through to Galaxy without any special handling by Apache. Tempfiles are created by Galaxy's internal webserver via the FieldStorage monkeypatch in lib/galaxy/web/framework/base.py --nate
David
While I've got you on the line, do you know why enabling the real user method blanks out the jobName for the PBS job? The jobName is set if the jobs are submitted as the Galaxy user. David On Oct 3, 2012, at 11:03 AM, Nate Coraor wrote:
On Oct 3, 2012, at 10:06 AM, David Hoover wrote:
This script is used multiple times, so you might want to make sure that this change won't cause files to become readable that you would prefer remain unreadable.
From the log output, it looks like files are chmod'd to the user, then later back to the Galaxy user. Is there somewhere else that isn't logged?
Hi David,
It chowns the entire working directory, I double checked and I don't see anywhere else it runs. But after looking at the code again, I'm surprised this fix works since it shouldn't touch anything in new_file_path.
Since you mention Apache uploading, what are you using for Apache to handle the uploads?
I don't know, whatever the default mechanism. I'm not using nginx.
This would just upload straight through to Galaxy without any special handling by Apache. Tempfiles are created by Galaxy's internal webserver via the FieldStorage monkeypatch in lib/galaxy/web/framework/base.py
--nate
David
participants (2)
-
David Hoover -
Nate Coraor