Has shibd to run on the same server
Cantor, Scott
cantor.2 at osu.edu
Thu Jul 24 13:07:13 EDT 2014
On 7/24/14, 1:03 PM, "Ian Rifkin" <irifkin at brandeis.edu> wrote:
>Is that true? You don't need to be root, but you probably need some kind
>of permissions on the server. Apache doesn't need to run as root, shibd
>doesn't need to run as root, shib sp config can be installed anywhere,
>the apache module can be installed anywhere, etc. Off the top of my head,
>you'd only need root for putting something in intit.d and chkconfig
>(which is a good practice, but not required).
It's not true in explicit terms, but I don't have much confidence with the
notion of trying to give everybody piecemeal permissions on single-purpose
Linux servers, so my bias is coming through. I don't believe in horizontal
separation of duty, let's put it that way.
What I should have said is that I designed it around the "one admin"
model, and it has gradually evolved to work better in other scenarios.
-- Scott
More information about the users
mailing list