Difference between revisions of "Debugging hints"
Line 44: | Line 44: | ||
Method 2.: the account or the pool is whitelisted in the glexec.conf. See the [[Man pages of gLExec]] for more details on the whitelist options. | Method 2.: the account or the pool is whitelisted in the glexec.conf. See the [[Man pages of gLExec]] for more details on the whitelist options. | ||
− | '''''Note''''': when gLExec fails with a 'user not whitelisted' error, this might be caused by an unreadable '''glexec.conf''' file: in case the '''glexec.conf''' file is unreadable, gLExec uses its buildin defaults, including whitelisting ''only'' unix accounts which are member of the glexec group. | + | '''''Note''''': when gLExec fails with a 'user not whitelisted' error, this might be caused by an unreadable '''glexec.conf''' file: in case the '''glexec.conf''' file is unreadable, gLExec uses its buildin defaults, including whitelisting ''only'' unix accounts which are member of the glexec group. Check [[#Check the file permissions of the gLExec executable]]. |
== Example test script for gLExec == | == Example test script for gLExec == |
Revision as of 12:55, 14 April 2010
Here are some useful things to check and mention when contacting us for help:
Check the version of the gLExec version:
/opt/glite/sbin/glexec -v
Check the file permissions of the gLExec executable.
For all run-modes of gLExec, the gLExec must be executable for all users.
- For running gLExec in setuid mode, preferably use one of the following modes (setuid and setgid):
glexec: mode: 6111, 6511, 6711; owned by root:glexec glexec.conf: mode: 0440; owned by root:glexec
- In case setgid is not possible, preferably use one of the following modes (only setuid):
glexec: mode: 4111, 4511, 4711; owned by root:glexec or root:root glexec.conf: mode: 0444; owned by root:glexec or root:root
- For running gLExec in logging only mode, preferably use one of the following modes:
glexec: mode: 0111, 0511, 0711; owned by root:glexec or root:root glexec.conf: mode: 0444; owned by root:glexec or root:root
Before continuing with testing: The gLExec Exit Codes and the Environment variables
The following pages might hold interesting to glance through before proceeding with your debugging:
- Proxy file handling in gLExec: All the details about the environment variables used by gLExec.
- Exit codes of gLExec: All the details about the exit codes of gLExec.
Test the exit codes by printing them on the shell by showing the value of $? Example:
/opt/glite/sbin/glexec /usr/bin/id -a; echo $?
Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path
See Proxy file handling in gLExec for the purpose of these environment variables.
export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms export X509_USER_PROXY=`pwd`/mkproxy-x509-voms
Is the user account that tries to use gLExec whitelisted?
Method 1.: the calling account is a member of the 'glexec' primary or secondary group.
Method 2.: the account or the pool is whitelisted in the glexec.conf. See the Man pages of gLExec for more details on the whitelist options.
Note: when gLExec fails with a 'user not whitelisted' error, this might be caused by an unreadable glexec.conf file: in case the glexec.conf file is unreadable, gLExec uses its buildin defaults, including whitelisting only unix accounts which are member of the glexec group. Check #Check the file permissions of the gLExec executable.
Example test script for gLExec
Testing basic functionality:
#!/bin/sh TESTPROXY=/tmp/x509up_`id -u` export GLEXEC_CLIENT_CERT=$TESTPROXY export X509_USER_PROXY=$TESTPROXY /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?
Testing with the transfer of a specific proxy file:
#!/bin/sh TESTPROXY=/tmp/x509up_`id -u` export GLEXEC_CLIENT_CERT=$TESTPROXY export X509_USER_PROXY=$TESTPROXY export GLEXEC_SOURCE_PROXY=$TESTPROXY /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?
Testing multi-user Pilot Job scenarios:
#!/bin/sh VOMSINFO=`which voms-proxy-info` PILOT_PROXY=/tmp/x509up_`id -u` TARGET_USER_PROXY=`pwd`/other.proxy export X509_USER_PROXY=$PILOT_PROXY export GLEXEC_CLIENT_CERT=$TARGET_USER_PROXY export GLEXEC_SOURCE_PROXY=$TARGET_USER_PROXY $VOMSINFO -all /opt/glite/sbin/glexec $VOMSINFO -all