Thanks very much. Most appreciated.

Dave

+-+-+-+-+-+-+-+-+-
Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St. Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office: 508-249-1257, FAX: 508-497-8027, Mobile: 978-500-2546, dave.mclellan at emc.com
+-+-+-+-+-+-+-+-+-

From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Wojcik
Sent: Thursday, January 22, 2015 4:16 PM
To: openssl-users at openssl.org
Subject: Re: missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

(Apologies for the top-post; Outlook does not deal properly with HTML email.)

If open, called by fopen, actually is setting EPERM, then one of the following should be true:

- /usr/local/ssl/openssl.cnf exists but the user does not have read permission on it
- Either /usr/local or /usr/local/ssl exists and is a directory, but the user does not have *execute* permission on it

[[Dave]] I believe this is the case; the x bit was not on /usr/local I think. I no longer have access to the host (owned by someone else).

Note that *read* permission on the directories is not necessary to open a file contained therein. Read permission on a directory is only required to enumerate the directory contents (for ls, find, etc). Execute permission on a directory, on the other hand, is traversal permission, and you need traversal permission along the path to open a file.

There are some other possibilities, such as ACLs (not commonly used in AIX, but available). Users who don't have traverse permission for /usr itself would have a hard time getting this far, so we can probably rule that out.

A run under truss might be enlightening.

[[Dave]] oh yeah, I had thought of trying truss.

From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of mclellan, dave
Sent: Thursday, January 22, 2015 15:00
To: openssl-users at openssl.org
Subject: Re: missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

Thank you Rich. The sentence you couldn't understand is my bad, s/b: "In fact, on some, even non-AIX hosts, permissions would suggest that the permission error should be returned."

Dave
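
The traversal rule described in the thread, as an added example that is not part of the original messages: this Python walks the directories leading to a file and reports the first one that lacks search (x) permission for a given uid, or the file itself if it lacks read permission. The names `allowed` and `first_blocker` and the `base` parameter are assumptions of this example; it evaluates mode bits only, not ACLs.

```python
import errno
import os
import stat


def allowed(st, uid, gids, want):
    """POSIX mode-bit check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # simplification: root passes directory-search and read checks
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def first_blocker(path, uid, gids, base="/"):
    """Return (component, reason) for what stops a read-open of path, else None.

    Directories from base downward need search (x) only; the file needs read (r).
    Ancestors of base are assumed traversable. ACLs are not considered.
    """
    base, path = os.path.abspath(base), os.path.abspath(path)
    dirs = [base]
    for name in os.path.relpath(path, base).split(os.sep)[:-1]:
        dirs.append(os.path.join(dirs[-1], name))
    for current in dirs + [path]:
        try:
            st = os.stat(current)
        except OSError as e:  # e.g. ENOENT when the file is simply missing
            return current, errno.errorcode.get(e.errno, "stat failed")
        if current != path:
            if not stat.S_ISDIR(st.st_mode):
                return current, "ENOTDIR"
            if not allowed(st, uid, gids, 0o1):
                return current, "no search (x) permission"
        elif not allowed(st, uid, gids, 0o4):
            return current, "no read (r) permission"
    return None


if __name__ == "__main__":
    # Path from the thread, checked for the current effective user.
    me, groups = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    print(first_blocker("/usr/local/ssl/openssl.cnf", me, groups))
```

A result of `ENOENT` corresponds to the missing-file case in the subject line, while a "no search (x) permission" result on a parent directory corresponds to the permission case discussed above.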