projects / shibboleth / sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Run shibd as non-root
[shibboleth/sp.git] / debian / libapache2-mod-shib2.postinst
diff --git a/debian/libapache2-mod-shib2.postinst b/debian/libapache2-mod-shib2.postinst
index 12594d1..9cd4ce7 100755 (executable)
--- a/debian/libapache2-mod-shib2.postinst
+++ b/debian/libapache2-mod-shib2.postinst
@@ -24,6 +24,12 @@ if [ "$1" = "configure" ] ; then
     if [ -z "$2" ] ; then
         a2dismod shib 2>/dev/null || true
     fi
+
+    if ! getent passwd _shibd > /dev/null ; then
+        echo 'Adding system-user for Shibboleth daemon' 1>&2
+        adduser --system --group --quiet --home /var/log/shibboleth \
+            --no-create-home --disabled-login --force-badname _shibd
+    fi
 fi
 
 #DEBHELPER#
Shibboleth SP