Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions
Description
With (i.e. version 2.5.0), the packaging was changed to run shibd under its own unprivileged account.
"Inadvertently" running shibd -t with root can break things like metadata updates, since files under /var/cache/shibboleth have their owner changed to root on this occasion.
Would it be possible to adjust the init scripts for the RPM-based scripts to (also) recursively change the owner of /var/cache/shibboleth (in addition to /var/run/shibboleth) in the start() function, as shown in the attached patch? (untested, but hopefully illustrates the idea)
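An added example (not part of the original report, its attached patch, or the project's init script): a POSIX shell check that detects cache entries left owned by another user after a root-run `shibd -t`, and optionally repairs them the way the requested `start()` change would. The account name `shibd` and all function names here are assumptions.

```shell
#!/bin/sh
# Added example: report (and optionally repair) entries under the cache
# directory that are not owned by the unprivileged service account.
# The account name and the function names are assumptions, not project code.

CACHE_DIR="${CACHE_DIR:-/var/cache/shibboleth}"
SHIBD_USER="${SHIBD_USER:-shibd}"   # assumed account name

# Print every entry under $1 (the directory itself included) that is not
# owned by user $2. -xdev keeps the walk on one filesystem.
list_foreign_owned() {
    find "$1" -xdev ! -user "$2" -print
}

# Number of such entries.
count_foreign_owned() {
    list_foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Usage: check_cache_owner DIR USER [fix]
# Returns 0 if ownership is consistent (or was repaired), 1 if foreign-owned
# entries were found and not repaired, 2 if the repair failed.
check_cache_owner() {
    dir=$1 user=$2 fix=${3:-no}
    [ -d "$dir" ] || return 0            # nothing cached yet
    n=$(count_foreign_owned "$dir" "$user")
    [ "$n" -eq 0 ] && return 0
    echo "$n entries under $dir are not owned by $user:" >&2
    list_foreign_owned "$dir" "$user" >&2
    if [ "$fix" = fix ]; then
        # -h changes symlinks themselves instead of the files they point to
        chown -R -h "$user" "$dir" || return 2
        return 0
    fi
    return 1
}

# From an init script's start(), run as root:
#   check_cache_owner "$CACHE_DIR" "$SHIBD_USER" fix
```

Without the `fix` argument the function only reports, which makes it usable as a monitoring check that flags the condition before metadata updates start failing.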