This utility is a companion to the gLExec user-switching program. It
creates a temporary directory owned by the glexec target user in a
secure fashion.

This utility is useful in the context of Grid computing and Multi-User
Pilot Jobs.

When you use glexec with transient directories and input
sandboxes, it's important that you create a writable directory for
your target job, and you do this in a safe and portable way.

In general, the setup of the batch system and OS at a site does not
guarantee that the pilot job and the target user share a common group,
even though in practice the 'top-level' VO group will usually be in
common. However, it's not easy to identify this most-generic group. In
these cases, you need to do two things:

- Create a temporary directory for the target job using glexec. This
  utility provides a proof-of-principle implementation of how to
  create such a directory and clean up after yourself. The directory
  will usually be inside a temporary, transient area specific to the
  pilot job.

- Ensure that this directory is reachable for the target job. This may
  mean making the 'upstream' directory traversable (but not
  necessarily readable) by the world.


When creating a temporary directory in a world-writable area, you
should take appropriate care to prevent race-condition vulnerabilities
(the same ones that the old tempnam(3) suffers from). The script
mkgltempdir helps to do that, but if you find any potential
weaknesses, please let us know.
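
The race described above comes from choosing a name and creating it as two
separate steps. The sketch below is an added example, not code from
mkgltempdir: it relies on mkdir failing atomically when the name already
exists. The function names, the "gltmp." prefix and the retry limit are
assumptions.

```shell
#!/bin/sh
# Added example: race-safe directory creation in a shared, writable base.

# claim_dir PATH MODE
# mkdir(2) is atomic: it fails if PATH already exists in any form (file,
# directory, or symlink, dangling or not) and never follows a symlink.
claim_dir() {
    # umask 077 is a safeguard for mkdir implementations that apply -m
    # with a later chmod instead of at creation time.
    ( umask 077 && mkdir -m "$2" "$1" ) 2>/dev/null
}

# make_private_dir BASE MODE
# Prints the path of a new directory under BASE; non-zero on failure.
make_private_dir() {
    tries=0
    while [ "$tries" -lt 10 ]; do          # retry limit is an assumption
        # Suffix from the kernel RNG, not from the PID or the clock.
        suffix=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        candidate="$1/gltmp.$suffix"       # "gltmp." prefix is an assumption
        # No "test -e, then mkdir": the creation itself is the check.
        if claim_dir "$candidate" "$2"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
}

# Demo in a scratch base (constructed): a pre-planted name is refused.
demo_base=$(mktemp -d) || exit 1
ln -s /nonexistent "$demo_base/gltmp.planted"
claim_dir "$demo_base/gltmp.planted" 0700 || echo "refused: name already exists"
new_dir=$(make_private_dir "$demo_base" 0700) && echo "created: $new_dir"
rm -rf "$demo_base"
```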

The utility accepts the following command-line flags:

  -h                   print a help text
  -t targetdir-mode    permissions of the target directory created, a leading 0
                       is automatically added
                       (default: 0700, i.e. unreadable by the glexec invoker)
  -m parentmode        permissions for the current user on the parent tree, a
                       leading 0 is automatically added
                       (default: 0755, and should be traversable for target uid)
  -r gltmp_dir         remove the target directory previously created by
                       mkgltempdir. Directory must be empty, unless -f
                       is also specified.
  -f                   force removal of target directory, see above under -r
  -v                   print version number

  directory            base directory in which target directory is created
                       (default: current value of $TMPDIR or, if unset, /tmp)

Return value is 0 if directory was successfully created, non-zero otherwise.

The path of the directory created is printed to stdout.
