Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

Thu, 22 Jan 2015 13:25:04 -0800 

Thanks very much. Most appreciated.

Dave

+-+-+-+-+-+-+-+-+-
Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 
South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office:    508-249-1257, FAX: 508-497-8027, Mobile:   978-500-2546, 
dave.mclel...@emc.com
+-+-+-+-+-+-+-+-+-

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Michael Wojcik
Sent: Thursday, January 22, 2015 4:16 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes 
failure on AIX, warning on all others

(Apologies for the top-post; Outlook does not deal properly with HTML email.)

If open, called by fopen, actually is setting EPERM, then one of the following 
should be true:

- /usr/local/ssl/openssl.cnf exists but the user does not have read permission 
on it
- Either /usr/local or /usr/local/ssl exists and is a directory, but the user 
does not have *execute* permission on it
[[Dave] ] I believe this is the case; the x bit was not on /usr/local I think.  
 I no longer have access to the host (owned by someone else).

Note that *read* permission on the directories is not necessary to open a file 
contained therein. Read permission on a directory is only required to enumerate 
the directory contents (for ls, find, etc). Execute permission on a directory, 
on the other hand, is traversal permission, and you need traversal permission 
along the path to open a file.

There are some other possibilities, such as ACLs (not commonly used in AIX, but 
available). Users who don't have traverse permission for /usr itself would have 
a hard time getting this far, so we can probably rule that out.

A run under truss might be enlightening.
[[Dave] ] oh yeah, I had thought of trying truss.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
mclellan, dave
Sent: Thursday, January 22, 2015 15:00
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes 
failure on AIX, warning on all others


Thank you Rich.



The sentence you couldn't understand is my bad, s/b:



"In fact, on some, even non-AIX hosts, permissions would suggest that the 
permission error should be returned."



Dave




This message has been scanned for malware by Websense. 
www.websense.com<http://www.websense.com/>

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to