Skip to content

Add submit pol wrapper

Matthew K Defenderfer requested to merge add-submit-pol-wrapper into main

This merge fixes issue #12 (closed) adding a python wrapper script around the bash scripts that start GPFS policy runs. Argument validation is strict within the Python script to ensure no improper commands are run with elevated privileges. Also made changes to file organization.

The bash scripts are kept in the same directory with the python script for now. As part of this merge request, the following changes should be made after the merge occurs, the local repo is synced, and the sudo privileges for run-submit-pol-job.py are added for select users:

  1. Permissions and ownership for submit-pol-job and run-mmpol.sh should be set to -r-x------ root:root
  2. Permissions and ownership for run-submit-pol-job.py should be set to -r-xr-x--- root:atlab.
    • Absolutely critical that no write permissions are allowed on the Python script to avoid someone changing the file to run unintended commands with elevated privileges.

See #12 (closed) for a more complete view of the proposed directory structure and corresponding permissions

Merge request reports