Univention Bugzilla – Bug 34233
Saml doesn't set permissions correctly
Last modified: 2014-04-07 21:30:43 CEST
At least for the Amazon AMI, the installation of the appcenter module doesn't set the permissions on /usr/share/simplesamlphp/config/config.php correctly. The log entry looks like the following:

[Mon Mar 03 23:31:25 2014] [notice] Apache/2.2.16 (Univention) PHP/5.3.3-7.190.201312160852 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Mon Mar 03 23:31:38 2014] [error] [client 24.18.112.117] PHP Warning: require(/etc/simplesamlphp/config.php): failed to open stream: Permission denied in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95
[Mon Mar 03 23:31:38 2014] [error] [client 24.18.112.117] PHP Fatal error: require(): Failed opening required '/usr/share/simplesamlphp/config/config.php' (include_path='.:/usr/share/php:/usr/share/pear') in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95
[Mon Mar 03 23:34:02 2014] [error] [client 24.18.112.117] PHP Warning: require(/etc/simplesamlphp/config.php): failed to open stream: Permission denied in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95
[Mon Mar 03 23:34:02 2014] [error] [client 24.18.112.117] PHP Fatal error: require(): Failed opening required '/usr/share/simplesamlphp/config/config.php' (include_path='.:/usr/share/php:/usr/share/pear') in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95
[Mon Mar 03 23:35:37 2014] [notice] caught SIGTERM, shutting down
[Mon Mar 03 23:35:40 2014] [notice] Apache/2.2.16 (Univention) PHP/5.3.3-7.190.201312160852 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Mon Mar 03 23:35:52 2014] [error] [client 24.18.112.117] PHP Warning: require(/etc/simplesamlphp/config.php): failed to open stream: Permission denied in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95
[Mon Mar 03 23:35:52 2014] [error] [client 24.18.112.117] PHP Fatal error: require(): Failed opening required '/usr/share/simplesamlphp/config/config.php' (include_path='.:/usr/share/php:/usr/share/pear') in /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php on line 95

root@master:/var/log/apache2# cat /etc/issue
Univention DC Master 3.2-1:
The UCS management system is available at https://master.samlcebitnet.univention.de/ (10.34.222.177)
You can log into the Univention Management Console - the principal tool to manage users, groups, etc. - using the "Administrator" account and the password selected for the root user on the master domain controller.

root@master:/var/log/apache2# apt-cache policy univention-saml
univention-saml:
  Installiert: 1.0.10-1.23.201311041442
  Kandidat: 1.0.10-1.23.201311041442
  Versionstabelle:
 *** 1.0.10-1.23.201311041442 0
        500 http://appcenter.software-univention.de/univention-repository/3.2/maintained/component/ simplesamlphp_20131022/all/ Packages
        100 /var/lib/dpkg/status

root@master:/var/log/apache2# ls -lash /usr/share/simplesamlphp/config/config.php
24K -rw-r----- 1 root root 22K 3. Mär 23:30 /usr/share/simplesamlphp/config/config.php
The same goes for authsources.php:

root@master:/var/log/apache2# ls -lash /usr/share/simplesamlphp/config/authsources.php
8,0K -rw-r----- 1 root root 4,3K 26. Feb 21:19 /usr/share/simplesamlphp/config/authsources.php
Manually changing the status only works till the settings for the Provider change.
File permissions were not explicitly set in the .univention-config-registry file.
Fixed in univention-saml 1.0.11-1.24.201403041128

A new Univention SAML app version is available in the test app center: 1.3
Installation: OK
Upgrade: OK
The App is now available in the public app center
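
A check for the condition reported in this bug, as an added example that is not part of the bug report or of univention-saml: it classifies the two config files as unreadable for the web server (the `-rw-r----- root root` state shown above), world-readable (what a quick `chmod 644` workaround would leave behind), or ok. The group name `www-data` and the model that the web server reads the files through group membership are assumptions, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit SimpleSAMLphp config file permissions.
# Assumption: Apache/PHP reads the files via group membership; the group
# name (default www-data) is an assumption, not taken from the bug report.

# classify_conf FILE WEBGROUP -> prints one of:
#   missing         file does not exist
#   world-readable  "other" read bit set: every local user can read the secrets
#   unreadable      web server group cannot read (the state in this bug)
#   ok              owned by WEBGROUP, group-readable, not world-readable
classify_conf() {
    file=$1
    webgroup=$2
    [ -e "$file" ] || { echo missing; return 0; }

    # GNU stat: %a = octal mode, %G = owning group name
    set -- $(stat -c '%a %G' "$file")
    mode=$1
    group=$2

    # Leading 0 makes the shell parse the mode as octal.
    other_r=$(( 0$mode & 04 ))
    group_r=$(( 0$mode & 040 ))

    if [ "$other_r" -ne 0 ]; then
        echo world-readable
    elif [ "$group" = "$webgroup" ] && [ "$group_r" -ne 0 ]; then
        echo ok
    else
        echo unreadable
    fi
}

# Paths are the two files named in the bug report.
WEBGROUP=${1:-www-data}
for f in /usr/share/simplesamlphp/config/config.php \
         /usr/share/simplesamlphp/config/authsources.php; do
    printf '%s: %s\n' "$f" "$(classify_conf "$f" "$WEBGROUP")"
done
```

Because a manual permission change is lost when the provider settings change, the check is most useful when run again after the files have been regenerated.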