Identity Provider / IDP-608

Allow customizing the install.sh's "reprotect" step for "conf/*" files (user-supplied file mode)


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0
    • Component/s: Installer
    • Labels:
      None

      Description

      Running install.sh currently sets the permissions of all user-configurable files (i.e., /opt/shibboleth-idp/conf/*) to 600. Many/most of these files do not contain "sensitive" data, so limiting their file mode to u=rw only (i.e. the root user for a typical invocation of install.sh) makes it unnecessarily hard to examine/check the IdP configuration with an unprivileged account.

      Would it be possible to make at least the following step in build.xml "configurable" in 3.1.0 with a command-line option, like so?

              <property name="idp.conf.filemode" value="600"/>
              <chmod perm="${idp.conf.filemode}" dir="${idp.target.dir}/conf" includes="**/*"/>
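
The requested behaviour, sketched as shell functions in an added illustration that is not part of the issue or of the Shibboleth installer: the mode defaults to 600 and a user-supplied value is validated before it is applied. The function names and the rule that group/other may gain read access only are assumptions, not project policy.

```shell
#!/bin/sh
# Added illustration; not Shibboleth installer code. All names are hypothetical.

# valid_conf_mode MODE
# Assumed policy for configuration files: three octal digits, owner r or rw,
# group/other either nothing or read-only. No write or execute beyond owner.
valid_conf_mode() {
    case "$1" in
        [46][04][04]) return 0 ;;
        *) return 1 ;;
    esac
}

# reprotect_conf DIR [MODE]
# Mirrors the chmod step quoted above: apply one mode to every regular file
# under DIR. MODE defaults to 600, the behaviour the issue describes.
reprotect_conf() {
    dir=$1
    mode=${2:-600}
    if ! valid_conf_mode "$mode"; then
        echo "refusing file mode '$mode' for $dir" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 1
    fi
    # -type f skips directories and symlinks, so a link inside conf/ cannot
    # redirect the chmod to a file outside the tree.
    find "$dir" -type f -exec chmod "$mode" {} +
}

# drifted_conf DIR MODE
# Print regular files whose mode is not exactly MODE (useful as a later check).
drifted_conf() {
    find "$1" -type f ! -perm "$2"
}
```

For example, `reprotect_conf /opt/shibboleth-idp/conf 640` combined with a dedicated group lets an unprivileged reviewer read the configuration without making it world-readable.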
      


              People

              Assignee:
              rdw@iay.org.uk Rod Widdowson
              Reporter:
              Kaspar Brand
              Watchers:
              3


                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 30m