glexec is a tool that provides a sudo-like capability in a grid environment. glexec takes an X.509 proxy and a command to run as inputs, and maps the proxy to a local identity (that is, a Unix UID), which it then uses to execute the command. See http://www.nikhef.nl/grid/lcaslcmaps/glexec/ for more information about glexec. -Condor supports using glexec on the execute side to provide a sort of alternative form of PrivSep (called GLEXEC_JOB mode). This is useful in a glide-in scenario for providing isolation between the glide-in and the jobs underneath it. Igor Sfiligoi uses Condor's glexec support in his glide-in setups for a number of HEP projects. +HTCondor supports using glexec on the execute side to provide a sort of alternative form of PrivSep (called GLEXEC_JOB mode). This is useful in a glide-in scenario for providing isolation between the glide-in and the jobs underneath it. Igor Sfiligoi uses HTCondor's glexec support in his glide-in setups for a number of HEP projects. -A previous implementation of glexec integration in Condor had the StartD using glexec to spawn the Starter (called GLEXEC_STARTER mode). This implementation had a number of drawbacks and is now deprecated. The rest of this document will focus on details of the GLEXEC_JOB implementation. Specifically, changes made to the Starter and the ProcD to support GLEXEC_JOB mode will be described. +A previous implementation of glexec integration in HTCondor had the StartD using glexec to spawn the Starter (called GLEXEC_STARTER mode). This implementation had a number of drawbacks and is now deprecated. The rest of this document will focus on details of the GLEXEC_JOB implementation. Specifically, changes made to the Starter and the ProcD to support GLEXEC_JOB mode will be described. {section: Starter}