Has shibd to run on the same server

Cantor, Scott cantor.2 at osu.edu
Thu Jul 24 13:07:13 EDT 2014


On 7/24/14, 1:03 PM, "Ian Rifkin" <irifkin at brandeis.edu> wrote:

>Is that true? You don't need to be root, but you probably need some kind
>of permissions on the server. Apache doesn't need to run as root, shibd
>doesn't need to run as root, shib sp config can be installed anywhere,
>the apache module can be installed anywhere, etc. Off the top of my head,
>you'd only need root for putting something in intit.d and chkconfig
>(which is a good practice, but not required).

It's not true in explicit terms, but I don't have much confidence with the
notion of trying to give everybody piecemeal permissions on single-purpose
Linux servers, so my bias is coming through. I don't believe in horizontal
separation of duty, let's put it that way.

What I should have said is that I designed it around the "one admin"
model, and it has gradually evolved to work better in other scenarios.

-- Scott



More information about the users mailing list