Public bug reported:
In 18.04 the systemd unit file for shibd is configured to run shibd as
the _shibd user instead of root. However, in previous versions this has
always been root. Therefore, (besides the problems with curl, see
#1776489 ) the upgrade results in shibd not working correctly since it
can't write to the root owned logs it previously created, and often
can't read the CredentialResolver key, since that would be owned by root
if installed securely.
It would be sensible to at least add information on this change of user
in the release notes of 18.04. I would also suggest a debconf
notification in the package and preferably a script to at least chown
log folders and files on upgrade. The key is hard to automate, but
information from debconf or release notes should inform a sysadmin on
how to continue.
** Affects: shibboleth-sp2 (Ubuntu)
Importance: Undecided
Status: Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1784231
Title:
Unreported change of shibd user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp2/+bug/1784231/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
