Difference between revisions of "Debugging hints"

From PDP/Grid Wiki
Jump to navigationJump to search
 
Line 33: Line 33:
 
  #!/bin/sh
 
  #!/bin/sh
 
   
 
   
  export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms
+
  export GLEXEC_CLIENT_CERT=/tmp/x509up_`id -u`
  export X509_USER_PROXY=`pwd`/mkproxy-x509-voms
+
  export X509_USER_PROXY=/tmp/x509up_`id -u`
 
   
 
   
 
  /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?
 
  /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?

Revision as of 07:16, 5 February 2010

Here are some useful things to check and mention when contacting us for help:

1. Check the version of the gLExec version:

The latest released version is gLExec version: 0.6.8-3

/opt/glite/sbin/glexec -v

2. Check the file permissions of the gLExec executable.

For all run-modes of gLExec, the gLExec must be executable for all user:

0111, 0555, 0755; owned by root:glexec or root:root.

For running gLExec in setuid mode, the gLExec must be executable for all user and have at least the setuid bit on the user:

4111, 4555, 4755; owned by root:glexec or root:root.

For running gLExec in setuid mode, the gLExec could also be setgid too (this solves a bug in the file log at the first run of gLExec):

6111, 6555, 6755; owned by root:glexec or root:root.

3. Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path

export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms
export X509_USER_PROXY=`pwd`/mkproxy-x509-voms


4. Is the user account that tries to use gLExec whitelisted?

Method 1.: the calling account is a member of the 'glexec' primary or secondary group.

Method 2.: the account or the pool is whitelisted in the glexec.conf. See the glexec.conf man page for more details on the whitelist options: man 5 gLExec.conf

Example test script for gLExec

#!/bin/sh

export GLEXEC_CLIENT_CERT=/tmp/x509up_`id -u`
export X509_USER_PROXY=/tmp/x509up_`id -u`

/opt/glite/sbin/glexec /usr/bin/id -a ; echo $?