diff --git a/build-aux/ci/build-osx.sh b/build-aux/ci/build-osx.sh
index 8e7abcc..e28af0f 100755
--- a/build-aux/ci/build-osx.sh
+++ b/build-aux/ci/build-osx.sh
@@ -10,4 +10,7 @@ export PKG_CONFIG_PATH="${LIBFIDO2_PKGCONF}:${OPENSSL_PKGCONF}"
 ./autogen.sh
 ./configure --disable-silent-rules --disable-man
 make -j $(sysctl -n hw.logicalcpu)
-make check
+make check || {
+  more tests/*.log
+  exit 1
+}
diff --git a/cfg.c b/cfg.c
index a77d9c2..1417c02 100644
--- a/cfg.c
+++ b/cfg.c
@@ -107,6 +107,9 @@ static int open_safely(int *outfd, size_t *outsize, const char *path) {
   size_t len;
   struct stat st;
 
+  unsigned int Step = 0;
+  fprintf(stderr, "Enter %s (%s)\n", __func__, path);
+
   len = strlen(path);
   if (!len || path[0] != '/' || path[len - 1] == '/')
     return PAM_SERVICE_ERR;
@@ -117,50 +120,69 @@ static int open_safely(int *outfd, size_t *outsize, const char *path) {
 
   p = strtok_r(copy, "/", &saveptr);
   parent_fd = open("/", O_RDONLY | O_CLOEXEC | O_DIRECTORY, 0);
+  Step = 2;
   if (parent_fd == -1)
     goto exit;
 
   *outfd = -1;
   *outsize = 0;
 
+  system("ls -ld /usr/local/etc");
+
+  Step = 1000;
   while ((c = strtok_r(NULL, "/", &saveptr)) != NULL) {
     fd =
       openat(parent_fd, p, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW, 0);
+    fprintf(stderr, "%s check %s (%d)\n", __func__, p, fd);
     if (fd == -1) {
       if (errno == ENOENT)
         r = PAM_SUCCESS;
+      fprintf(stderr, " _ fd=-1 errno=[%d %s] ENOENT=[%d %s]\n", errno,
+              strerror(errno), ENOENT, strerror(ENOENT));
       goto exit;
     }
 
-    if (fstat(fd, &st))
+    if (fstat(fd, &st)) {
+      fprintf(stderr, " _ fstat errno=[%d %s]\n", errno, strerror(errno));
       goto exit;
+    }
 
 #ifndef PAM_U2F_TESTING
     if (st.st_uid != 0)
       goto exit;
 #endif
-    if (!S_ISDIR(st.st_mode) || st.st_mode & (S_IWGRP | S_IWOTH))
+    if (!S_ISDIR(st.st_mode) || st.st_mode & (S_IWGRP | S_IWOTH)) {
+      fprintf(stderr, " _ mode %d %d\n", !S_ISDIR(st.st_mode),
+              st.st_mode & (S_IWGRP | S_IWOTH));
       goto exit;
+    }
 
     close(parent_fd);
     parent_fd = fd;
+
+    Step += 100;
     p = c;
   }
 
   fd = openat(parent_fd, p, O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW, 0);
+  fprintf(stderr, "%s lastcheck %s (%d)\n", __func__, p, fd);
   if (fd == -1) {
     if (errno == ENOENT)
       r = PAM_SUCCESS;
+    Step = 10000;
     goto exit;
   }
 
+  Step = 10001;
   if (fstat(fd, &st))
     goto exit;
 
 #ifndef PAM_U2F_TESTING
+  Step = 10002;
   if (st.st_uid != 0)
     goto exit;
 #endif
+  Step = 10003;
   if (!S_ISREG(st.st_mode) || st.st_mode & (S_IWGRP | S_IWOTH))
     goto exit;
 
@@ -168,8 +190,11 @@ static int open_safely(int *outfd, size_t *outsize, const char *path) {
   *outsize = st.st_size;
   fd = -1;
   r = PAM_SUCCESS;
+  Step = 99999;
 
 exit:
+  fprintf(stderr, "%s r=%d, Step=%u, errno=[%d %s]\n", __func__, r, Step, errno,
+          strerror(errno));
   if (parent_fd != -1)
     close(parent_fd);
   if (fd != -1)