Difference between revisions of "Debugging hints"
From PDP/Grid Wiki
Jump to navigationJump to search| Line 9: | Line 9: | ||
== Check the file permissions of the gLExec executable. == | == Check the file permissions of the gLExec executable. == | ||
| − | For all run-modes of gLExec, the gLExec must be executable for all | + | For all run-modes of gLExec, the gLExec must be ''executable'' for all users. |
| − | |||
| − | For running gLExec in setuid mode, the | + | *For running gLExec in '''setuid''' mode, ''preferably'' use one of the following modes ('''setuid''' and '''setgid'''): |
| − | + | glexec: mode: 6111, 6511, 6711; owned by root:glexec | |
| + | glexec.conf: mode: 0440; owned by root:glexec | ||
| − | For running gLExec in | + | *In case setgid is not possible, ''preferably'' use one of the following modes (only '''setuid'''): |
| − | + | glexec: mode: 4111, 4511, 4711; owned by root:glexec or root:root | |
| + | glexec.conf: mode: 0444; owned by root:glexec or root:root | ||
| + | |||
| + | *For running gLExec in '''logging only''' mode, ''preferably'' use one of the following modes: | ||
| + | glexec: mode: 0111, 0511, 0711; owned by root:glexec or root:root | ||
| + | glexec.conf: mode: 0444; owned by root:glexec or root:root | ||
== Before continuing with testing: The gLExec Exit Codes and the Environment variables == | == Before continuing with testing: The gLExec Exit Codes and the Environment variables == | ||
Revision as of 14:00, 18 February 2010
Here are some useful things to check and mention when contacting us for help:
Check the version of the gLExec version:
The latest released version is gLExec version: 0.6.8-3
/opt/glite/sbin/glexec -v
Check the file permissions of the gLExec executable.
For all run-modes of gLExec, the gLExec must be executable for all users.
- For running gLExec in setuid mode, preferably use one of the following modes (setuid and setgid):
glexec: mode: 6111, 6511, 6711; owned by root:glexec glexec.conf: mode: 0440; owned by root:glexec
- In case setgid is not possible, preferably use one of the following modes (only setuid):
glexec: mode: 4111, 4511, 4711; owned by root:glexec or root:root glexec.conf: mode: 0444; owned by root:glexec or root:root
- For running gLExec in logging only mode, preferably use one of the following modes:
glexec: mode: 0111, 0511, 0711; owned by root:glexec or root:root glexec.conf: mode: 0444; owned by root:glexec or root:root
Before continuing with testing: The gLExec Exit Codes and the Environment variables
The following pages might hold interesting to glance through before proceeding with your debugging:
- Proxy file handling in gLExec: All the details about the environment variables used by gLExec.
- Exit codes of gLExec: All the details about the exit codes of gLExec.
Test the exit codes by printing them on the shell by showing the value of $? Example:
/opt/glite/sbin/glexec /usr/bin/id -a; echo $?
Execute with exported GLEXEC_CLIENT_CERT and exported X509_USER_PROXY, with the full path
export GLEXEC_CLIENT_CERT=`pwd`/mkproxy-x509-voms export X509_USER_PROXY=`pwd`/mkproxy-x509-voms
Is the user account that tries to use gLExec whitelisted?
Method 1.: the calling account is a member of the 'glexec' primary or secondary group.
Method 2.: the account or the pool is whitelisted in the glexec.conf. See the glexec.conf man page for more details on the whitelist options: man 5 gLExec.conf
Example test script for gLExec
Testing basic functionality:
#!/bin/sh TESTPROXY=/tmp/x509up_`id -u` export GLEXEC_CLIENT_CERT=$TESTPROXY export X509_USER_PROXY=$TESTPROXY /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?
Testing with the transfer of a specific proxy file:
#!/bin/sh TESTPROXY=/tmp/x509up_`id -u` export GLEXEC_CLIENT_CERT=$TESTPROXY export X509_USER_PROXY=$TESTPROXY export GLEXEC_SOURCE_PROXY=$TESTPROXY /opt/glite/sbin/glexec /usr/bin/id -a ; echo $?
