Run shibd as non-root
Ferenc Wagner
wferi at niif.hu
Tue Sep 22 20:15:12 UTC 2009
"Ferenc Wagner" <wferi at niif.hu> writes:
> commit 245f2b9793cd1abb7d3013433f71f9d9a6102536
> Author: Ferenc Wagner <wferi at niif.hu>
> Date: Fri Sep 18 13:05:09 2009 +0200
>
> Run shibd as non-root
> On installation, create a new system user (_shibd) and run
> shibd as this user if possible.
To clarify my position on this patch (which hopefully does not make
the ongoing security fixes harder; don't hesitate to roll back if it
does): I'm not too keen on overriding the owners of the logs, as
that's part of the policy of the local sysadmin, but otherwise this
approach seems to work. I regard it as a proof of concept and basis
for discussion, but I haven't got much to add. So opinions welcome,
maybe this stuff does not really belong in the init script...
--
Cheers,
Feri.