Run shibd as non-root

Ferenc Wagner wferi at niif.hu
Tue Sep 22 20:15:12 UTC 2009


"Ferenc Wagner" <wferi at niif.hu> writes:

> commit 245f2b9793cd1abb7d3013433f71f9d9a6102536
> Author: Ferenc Wagner <wferi at niif.hu>
> Date:   Fri Sep 18 13:05:09 2009 +0200
>
>     Run shibd as non-root
>     On installation, create a new system user (_shibd) and run
>     shibd as this user if possible.

To clarify my position on this patch (which hopefully does not make
the ongoing security fixes harder; don't hesitate to roll back if it
does): I'm not too keen on overriding the owners of the logs, as
that's part of the policy of the local sysadmin, but otherwise this
approach seems to work.  I regard it as a proof of concept and basis
for discussion, but I haven't got much to add.  So opinions welcome,
maybe this stuff does not really belong in the init script...
-- 
Cheers,
Feri.