Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions

Description

With https://shibboleth.atlassian.net/browse/SSPCPP-353#icft=SSPCPP-353 (i.e. version 2.5.0), the packaging was changed to run shibd under its own unprivileged account.

"Inadvertently" running shibd -t with root can break things like metadata updates, since files under /var/cache/shibboleth have their owner changed to root on this occasion.

Would it be possible to adjust the init scripts for the RPM-based scripts to (also) recursively change the owner of /var/cache/shibboleth (in addition to /var/run/shibboleth) in the start() function, as shown in the attached patch? (untested, but hopefully illustrates the idea)

Environment

None

Attachments

1
  • 23 Feb 2015, 09:51 AM

Activity

Show:

Former user March 9, 2015 at 12:11 PM

Nit: in the shibd-amazon.in file, the indenting is incorrect (http://svn.shibboleth.net/view/cpp-sp/branches/REL_2/configs/shibd-amazon.in?view=patch&r1=3907&r2=3906&pathrev=3907 - should be tab, not four blanks)

Scott Cantor March 4, 2015 at 2:51 AM

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Created February 23, 2015 at 9:51 AM
Updated March 20, 2015 at 1:12 AM
Resolved March 4, 2015 at 2:51 AM

Flag notifications