IdP install issue

Cantor, Scott cantor.2 at
Fri Nov 18 21:26:57 GMT 2011

On 11/18/11 4:21 PM, "Daniel A. Ramaley" <daniel.ramaley at> wrote:
>the first one. After tracing through the startup scripts, i found that
>RHEL 6 uses a separate variable for endorsed directories. I set this in
>tomcat6.conf and now all is well:
>    JAVA_ENDORSED_DIRS="/usr/share/tomcat6/endorsed"

You might want to document that in the wiki on the TomcatPrepare page as a
note or tip.

>>If you had to change permissions, you installed the IdP as a different
>>user than you're running it under.
>Will that cause problems down the road? I did the install as root, but
>Tomcat runs as the tomcat user. I could probably run the install as
>tomcat as long as /opt had permissions set so that tomcat could create
>the shibboleth-idp directory, right?

Or just create it as root and chmod it. I guess there are justifications
for the files not being writable by the tomcat user. It's more hassle than
I wanted at least. I'm just saying that's why it wasn't documented, the
assumption is you install as the run user.

-- Scott

More information about the users mailing list