shibd as non-root
Kristof BAJNOK
bajnokk at niif.hu
Mon Dec 1 15:53:10 UTC 2008
I was tweaking with changing the SP to run shibd as a system user. It seems
that it's quite obvious thing to do. Changing permissions
for /var/log/shibboleth, /var/run/shibboleth and the PKI keys and minor
editing in the init script was enough to let it go. And it seems to be
working fine.
That could be easily done by the package, so we could get rid of running it
as root. (Which could be a slight security improvement.)
Opinions? (See also:
https://mail.internet2.edu/wws/arc/shibboleth-users/2006-10/msg00120.html)
Kristof
--
Kristof BAJNOK
Systems Engineer / Middleware
NIIF / Hungarnet
Hungary
More information about the Pkg-shibboleth-devel
mailing list