The error is caused by subdomain blocking access to the subdirectory. You can work around the issue by not using classes in subdirectories under /var/class. Else, here are steps to allow MCPD access to the /var/class subdirectory:
GUI error:
01070644:3: The requested class file (/var/class/subdir/subdir.test.class) exists, but does not have read/write privilege.
/var/log/kern.log:
Nov 10 10:41:12 test SubDomain: REJECTING rw access to /var/class/subdir/subdir.test.class (mcpd(24866) profile /bin/mcpd active /bin/mcpd)
There are two related files which you'd need to modify to allow access from the GUI and via iControl to subdirectories under /var/class:
/etc/subdomain.d/bin.mcpd
/etc/subdomain.d/usr.local.www.iControl.iControlPortal.cgi
grep -R class /etc/subdomain.d/*
bin.mcpd: /var/class/* lrw,
usr.local.www.iControl.iControlPortal.cgi: /var/class/* lrw,
I wasn't able to find documentation on this, but it looks like you can give recursive access by changing the /var/class/* entries to /var/class/**.
I tested this by:
- creating an external class file under /var/class/subdomain/subdir.test.class
- modifiying the /etc/subdomain.d/bin.mcpd file entry from /var/class/* lrw, to /var/class/** lrw
- restarting subdomain (bigstart restart subdomain)
I could then create an external class in the GUI which referenced the /var/class/subdir/subdir.test.class file.
Note that you should also modify the usr.local.www.iControl.iControlPortal.cgi entry for /var/class to allow iControl apps to access this class.
Aaron