What's new

This release of gLExec 0.8 is fully backwards compatible with both the previous versions 0.7 and 0.6.8. It relaxes a few restrictions made in version 0.7 which were too strict and broke backwards compatibility with version 0.6.8 (when not using YAIM). In addition, a number of new glexec.conf options are introduced. All their default values are ensuring backwards compatibility.

• New glexec.conf options
  
  • syslog_facility: gLExec by default uses syslog facility LOG_DAEMON. This option allows to switch to a different facility.
  • diff_syslog_levels: historically, when logging to syslog, gLExec logs at level LOG_ERR, using the option log_level only to determine the amount of log entries. By setting this option to yes, proper syslog levels are used matching gLExec's own log levels. This is obviously the preferred setting, but different from the 0.7 and 0.6 behaviour.
  • log_file_group: The logfile will be opened and created using this group. When parent directories are created, the same group is used.
  • group_white_list: By default gLExec whitelists users which are member of the 'glexec' group. This behaviour can now be modified by specifying a different group using this option.
  • create_target_proxy: By default gLExec always writes and/or sets up environment variables for a valid proxy for the payload user. By setting this option to 'no' this is disabled: no file will be written and the environment of the payload will not contain X509_USER_PROXY and GLEXEC_TARGET_PROXY variables.
  • lcas_libdir: Using this option a specific library directory can be specified where to look for the LCAS library. If unspecified, the standard search paths as specified using ld.conf are used. This allows for greater deployment flexibility.
  • lcmaps_libdir: See under lcas_libdir. In addition, for newer LCMAPS versions, the modules/ subdirectory of this directory is used to look for LCMAPS modules.
  • lcmaps_voms_verification: By default, LCMAPS verifies VOMS credentials present in the proxy. Using this option, this can be disabled.

• the logging functionality is greatly improved, e.g.:
  
  • fixing a number of bugs, including handling non-printable characters, long lines etc.
  • relaxing a few unnecessary restrictions on the path of the log file. The only requirement is now that the logfile path is trusted, i.e. the file is not-writable by others than the user root.
  • including clarifications and fixing of typos in log messages.
  • in the logfile the absolute canonical path is printed.
  • creation of parent directories for the logfile(s) when needed.
  • setting and configuring the group ownership of the logfiles.
  • removing unused options lcas_log_level and lcmaps_log_level. The only valid options where always lcas_debug_level and lcmaps_debug_level.
  • log entries in LCAS/LCMAPS logfiles are now entirely in UT, instead of partially UT, partially localtime.
• a few bugs with opening/permission checking of the glexec.conf have been fixed. Also, the glexec.conf no longer has to be 'confidential': although not preferred, it is allowed to be world-readable in setuid mode. World writable is not allowed.
• permissions/ownership tests of the executable are relaxed as they did not add security. The file has to be a regular file or symlink to a regular file.
• when LCAS is disabled in the glexec.conf file (use_lcas = no), it is now no longer needed to have the LCAS libraries installed on the system.
• when the target user has no home directory or one that is not accessible, gLExec will remain in the directory it was called from if that is accessible to the target user. If that is also not accessible, the payload will run from / In the 0.7 version this would have been a fatal error.
• the defaults printed using glexec -V are much more complete.
• the already dysfunctional GLEXEC_MODE variable is now completely removed.
• in logging only mode, there is no longer a need for a glexec user and glexec group on the system.
• in case the payload terminates via a signal, gLExec will forward this into the exit code as also described at http://tldp.org/LDP/abs/html/exitcodes.html: 128+n where n is the signal.
• cleanup of man pages, including specifying default values for all options.
• at build time, the only dependencies are on org.glite.build.common-cpp and lcmaps-interface. This makes it much easier to rebuild from a source rpm.
• the configure script has an option to set the build time path of the glexec.conf, --with-glexec-conf=FILE, which also makes it much easier to rebuild from a source rpm.
• The code has been succesfully built and tested on RH/CentOS/SL(C) 4 and 5, OpenSUSE 11.1, Debian 5, Ubuntu 10.04, MacOS 10.6 and OpenSolaris 2009.06 (both Sun CC and GCC). It also has been successfully built on FreeBSD 8.0.
• mkgltempdir has been added.
• small update to the glexec_wrapper script(s) to respect the GLEXEC_LOCATION variable.