Bugzilla – Bug 4116
globus_module_activate( GLOBUS_GRAM_CLIENT_MODULE ) behaves differently for ENOENT and EACCES
Last modified: 2008-08-11 15:08:27
You need to
before you can comment on or make changes to this bug.
I hope this is direct enough -- this was discovered when using GAHP from the
When searching for CA certificates,
globus_module_activate( GLOBUS_GRAM_CLIENT_MODULE )
by default looks in ~/.globus/certifactes.
If it doesn't exist (ENOENT), it goes looking elsewhere (/etc/grid-security,
where they are located on our site) and works properly. If it can't access it
at all (EACCES), it instead errors out with an error #7 (Failed to activate
Globus 'modules'). This behavior seems a little inconsistent -- when an item in
the middle of a search path returns EACCES, I would expect the call to continue
to the next item rather than return an error.
This is a problem at FNAL where .globus can be in AFS and users may disallow
system:anyuser from read and lookup access.
The issue exists in the globus_gsi_sysconfig_get_cert_dir_unix() which treats
does not exist errors differently than other types of errors. There's probably
no reason to fail if a dir is unreadable differently than not existing.
Committed a patch to this to 4.0 branch and trunk.