Difference between revisions of "Debugging hints"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 18: Line 18:
 
  6111, 6555, 6755; owned by root:glexec or root:root.
 
  6111, 6555, 6755; owned by root:glexec or root:root.
  
== 3. Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path ==
+
== Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path ==
 
  export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms
 
  export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms
 
  export X509_USER_PROXY=`pwd`/mkproxy-x509-voms
 
  export X509_USER_PROXY=`pwd`/mkproxy-x509-voms
 
  
 
== 4. Is the user account that tries to use gLExec whitelisted? ==
 
== 4. Is the user account that tries to use gLExec whitelisted? ==

Revision as of 07:20, 5 February 2010

Here are some useful things to check and mention when contacting us for help:

Check the version of the gLExec version:

The latest released version is gLExec version: 0.6.8-3

/opt/glite/sbin/glexec -v

Check the file permissions of the gLExec executable.

For all run-modes of gLExec, the gLExec must be executable for all user:

0111, 0555, 0755; owned by root:glexec or root:root.

For running gLExec in setuid mode, the gLExec must be executable for all user and have at least the setuid bit on the user:

4111, 4555, 4755; owned by root:glexec or root:root.

For running gLExec in setuid mode, the gLExec could also be setgid too (this solves a bug in the file log at the first run of gLExec):

6111, 6555, 6755; owned by root:glexec or root:root.

Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path

export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms
export X509_USER_PROXY=`pwd`/mkproxy-x509-voms

4. Is the user account that tries to use gLExec whitelisted?

Method 1.: the calling account is a member of the 'glexec' primary or secondary group.

Method 2.: the account or the pool is whitelisted in the glexec.conf. See the glexec.conf man page for more details on the whitelist options: man 5 gLExec.conf

Example test script for gLExec

Testing basic functionality:

#!/bin/sh

TESTPROXY=/tmp/x509up_`id -u`

export GLEXEC_CLIENT_CERT=$TESTPROXY
export X509_USER_PROXY=$TESTPROXY

/opt/glite/sbin/glexec /usr/bin/id -a ; echo $?


Testing with the transfer of a specific proxy file:

#!/bin/sh

TESTPROXY=/tmp/x509up_`id -u`

export GLEXEC_CLIENT_CERT=$TESTPROXY
export X509_USER_PROXY=$TESTPROXY
export GLEXEC_SOURCE_PROXY=$TESTPROXY

/opt/glite/sbin/glexec /usr/bin/id -a ; echo $?