projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SSPCPP-659 - shibd doesn't set any umask
[shibboleth/cpp-sp.git] / configs / shibd-redhat.in
diff --git a/configs/shibd-redhat.in b/configs/shibd-redhat.in
index ee536cb..c4fb2ca 100644 (file)
--- a/configs/shibd-redhat.in
+++ b/configs/shibd-redhat.in
@@ -25,12 +25,15 @@
 
 shibd="@-PREFIX-@/sbin/shibd"
 SHIBD_USER=root
+SHIBD_UMASK=022
 prog=shibd
 pidfile=@-PKGRUNDIR-@/shibd.pid
 lockfile=/var/lock/subsys/$prog
 
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
+umask $SHIBD_UMASK
+
 start() {
        echo -n $"Starting $prog: "
        if [ -f $lockfile ] ; then
@@ -51,11 +54,9 @@ start() {
        export SHIBD_PID=$pidfile
        touch $pidfile
        chown $SHIBD_USER:$SHIBD_USER $pidfile
-       if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
-               /sbin/restorecon $pidfile
-       fi
+
        # Handle transition from root to non-root packages.
-       chown -R $SHIBD_USER:$SHIBD_USER @-PKGRUNDIR-@ 2>/dev/null || :
+       chown -R $SHIBD_USER:$SHIBD_USER @-PKGRUNDIR-@ @-PKGCACHEDIR-@ 2>/dev/null || :
        daemon --user $SHIBD_USER $shibd -p $pidfile -f -w 30
 
        RETVAL=$?
Unnamed repository; edit this file 'description' to name the repository.