shibd as non-root

Russ Allbery rra at debian.org
Fri May 22 17:47:02 UTC 2009


Ferenc Wagner <wferi at niif.hu> writes:

> Creating a _shibd system user from postinst, changing ownership of
> /var/{run,log}/shibboleth and adding --chuid to the init script is
> straightforward.  The problematic part is the private key, which shibd
> must be able to read, but whose path is a configuration option, which
> is presumably changed more often than the logging directory.  Even if
> we parse it out of shibboleth2.xml, it may be unwise to change its
> permissions behind the admin's back.
>
> So how could we best avoid breaking systems on upgrade?

Is there any way that we can check at startup time whether the _shibd
user can read the private key?  Some sort of shibd sanity check option
would be great here.  Then, we could modify the init script to change
users iff the sanity check passed and document in NEWS.Debian that
people should change the permissions on the private key so that _shibd
can read it.

We should probably put _shibd in the ssl-cert group so that this will
just work for people who are using the standard Debian SSL key layout.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
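
The startup check proposed in this message could be sketched as below; this is an added example, not part of the original post or of the Debian package. The function names and `KEY` are hypothetical; it assumes GNU `stat`, takes the key path as an argument rather than parsing it from shibboleth2.xml, and looks only at classic mode bits (no ACLs).

```shell
#!/bin/sh
# Added example: decide whether shibd can be started as an unprivileged user.
# Mode-bit check only; POSIX ACLs and capabilities are not considered.

# perm_ok UID "GID ..." PATH BIT   (BIT: 4 = read, 1 = directory search)
perm_ok() {
    p_uid=$1; p_gids=$2; p_bit=$4
    p_st=$(stat -L -c '%u %g %a' "$3" 2>/dev/null) || return 1
    if [ "$p_uid" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    set -- $p_st                                  # $1=owner $2=group $3=octal mode
    p_mode=$((0$3))
    if [ "$p_uid" -eq "$1" ]; then
        p_class=$(( (p_mode >> 6) & 7 ))          # owner class applies, even if weaker
    else
        p_class=$(( p_mode & 7 ))
        for p_g in $p_gids; do
            if [ "$p_g" -eq "$2" ]; then p_class=$(( (p_mode >> 3) & 7 )); fi
        done
    fi
    [ $(( p_class & p_bit )) -ne 0 ]
}

# key_readable UID "GID ..." /abs/path/to/key
# Needs read on the key and search on every parent directory up to /.
key_readable() {
    case $3 in /*) ;; *) return 1 ;; esac         # refuse relative paths
    k_uid=$1; k_gids=$2
    perm_ok "$k_uid" "$k_gids" "$3" 4 || return 1
    k_dir=$(dirname "$3")
    while perm_ok "$k_uid" "$k_gids" "$k_dir" 1; do
        if [ "$k_dir" = / ]; then return 0; fi
        k_dir=$(dirname "$k_dir")
    done
    return 1
}

# chuid_args USER KEY: print "--chuid USER" if USER exists and can read KEY;
# print nothing otherwise, so the daemon keeps starting as it did before.
chuid_args() {
    c_uid=$(id -u "$1" 2>/dev/null) || return 0
    if key_readable "$c_uid" "$(id -G "$1")" "$2"; then echo "--chuid $1"; fi
}

# Init script use (KEY is whatever key path the admin configured):
#   start-stop-daemon --start $(chuid_args _shibd "$KEY") ...
```

With a key that is mode 0640 and group ssl-cert inside a directory that group can search, the check passes for _shibd only once it is a member of ssl-cert, which is the case the last paragraph of the message addresses.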



More information about the Pkg-shibboleth-devel mailing list