Updating Shibboleth SP by "yum update" changes owner:group and permissions of /var/{run,log}/shibboleth to the default (root:root and rwxrwxr-x) even if they already exist. Please preserve these permissions on updates if they already exist.
I am running shibd with user "shibboleth". I am using those directories with the following permissions:
rwxrwxr-x root:shibboleth /var/log/shibboleth
rwxrwxr-x root:shibboleth /var/run/shibboleth
and had trouble on every recent update.
Environment
CentOS 5.5 / Shibboleth 2.3.1 from openSUSE repos
Activity
Scott Cantor August 25, 2011 at 12:36 AM
Changes made to use sysconfig/shibd to set user account and LD_LIBRARY_PATH on RH6.
This is going pretty well with a few adjustments. I need to get log files chown'd and test on SUSE, and then I'll open it up for wider testing.
One change I made from your patch is not to delete the user on removal, which is mandated by packaging guidelines.
Scott Cantor August 16, 2011 at 4:24 PM
It's possible that would slide by because it's not a packaged file, I'm not sure without trying it. I guess everything else is world-readable anyway, so that's the main one.
Former user August 16, 2011 at 4:19 PM
In the current version of my patch I'm doing this in %post with
%{__chown} %{runuser} sp-key.pem
but is this again a problem for SUSE? (No chowns in %post - or no chowns for files/directories which are listed in %files?)
Fixed
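An added example, not part of the original report or of the Shibboleth packaging: a shell check that records owner:group and mode of the two directories named in the report before a package update and flags any drift afterwards. The function names, the SHIB_DIRS variable and the snapshot file are assumptions made for illustration; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: detect ownership/mode drift on the directories from the report.
# Requires GNU stat (coreutils), as shipped on CentOS.

# Default targets are the two paths from the report; override for testing.
SHIB_DIRS="${SHIB_DIRS:-/var/log/shibboleth /var/run/shibboleth}"

# perm_snapshot FILE: write one "owner:group mode path" line per directory.
perm_snapshot() {
    : > "$1" || return 2
    for d in $SHIB_DIRS; do
        [ -d "$d" ] || continue
        stat -c '%U:%G %a %n' "$d" >> "$1"
    done
}

# perm_verify FILE: return 0 if nothing changed since the snapshot,
# 1 if any recorded directory has a different owner, group or mode
# (or no longer exists). Each difference is reported on stderr.
perm_verify() {
    drift=0
    while read -r owner mode path; do
        now=$(stat -c '%U:%G %a' "$path" 2>/dev/null) || now="missing"
        if [ "$now" != "$owner $mode" ]; then
            echo "DRIFT $path: was $owner $mode, now $now" >&2
            drift=1
        fi
    done < "$1"
    return $drift
}
```

Run `perm_snapshot /root/shib-perms.before` ahead of the update and `perm_verify /root/shib-perms.before` after it; a non-zero exit means the update changed the directories shibd writes to.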