shibd as non-root

Kristof BAJNOK bajnokk at
Mon Dec 1 15:53:10 UTC 2008

I was tweaking with changing the SP to run shibd as a system user. It seems 
that it's quite obvious thing to do. Changing permissions 
for /var/log/shibboleth, /var/run/shibboleth and the PKI keys and minor 
editing in the init script was enough to let it go. And it seems to be 
working fine. 

That could be easily done by the package, so we could get rid of running it 
as root. (Which could be a slight security improvement.)

Opinions? (See also:

Kristof BAJNOK
Systems Engineer / Middleware
NIIF / Hungarnet

More information about the Pkg-shibboleth-devel mailing list