Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
get real user name from username and email (for submission as real user with drmaa) #4096
The main part of this PR is that the drmaa job submission uses the username or the email that is stored in galaxy for submission as real user. This is in particular useful if the galaxy instance gets its users from LDAP. I do not know if this is already useful for users of other cluster software than drmaa.
A secondary change is to preserve the PATH, LD_LIBRARY_PATH .. variables for the sudo calls for the external script since otherwise these variables are not kept in the environment (sudo resets them). I guess this needs to be discussed since sudo does this reset on purpose. I needed this, since otherwise in my installation python (which is not in a default path) is not found anymore.
Furthermore, the external runner worked for me only if the --assign_all_groups parameter was used. Would be nice if somebody could verify if this is useful, since I did not understand this parameter.
Important note: I'm quite new to galaxy and this is my 1st "serious" PR. I guess this needs proper testing.
Just added a small change to external_chown_script.py, that might inrease security (I thought it fits to the PR, since it affects the cluster access).
Our admins here were concerned that with sudo rights on this script it is possible to change the owner and group of every file in the system. They suggested to make a check which allows changes only in subdirectories of the galaxy installation directory. I have made this configurable, i.e. one can configure a list of directories. To be sure the path given on the command line is made absolute, i.e., it should not be possible to place links inside the directory that point somewhere else.
The idea would be that the admins can review the paths and then remove write access to the file when they add the sudo permissions.
Changes can be found here
# Go to your galaxy repo git remote add rhpvorderman https://github.com/rhpvorderman/galaxy.git git fetch rhpvorderman git merge rhpvorderman/fix_duplication # commit the changes and push them.
Thanks for the great code! This was exactly what we needed.
Unfortunately I could not test today because I did not have write access to the external scripts (I hope our admins change this by tomorrow). Therefore I started to document the changes in galaxy-hub. See galaxyproject/galaxy-hub#270 . Maybe you could have a look -- I might have forgotten something.