Univention Bugzilla – Bug 51837
simplesamlphp traceback due to wrong permissions of /etc/simplesamlphp/serviceprovider_enabled_groups.json
Last modified: 2020-09-10 14:45:55 CEST
Aug 19 10:40:03 ucsserver simplesamlphp[33276]: 3 [5c2f483db6] SimpleSAML_Error_Exception: Error 2 - file_get_contents(/etc/simplesamlphp/serviceprovider_enabled_groups.json): failed to open stream: Permission denied
Aug 19 10:40:03 ucsserver simplesamlphp[33276]: 3 [5c2f483db6] SimpleSAML_Error_Exception: Error 2 - array_key_exists() expects parameter 2 to be array, null given

On the affected server the permissions were

    -rw------- 1 root samlcgi 2195 Jul 22 10:35 /etc/simplesamlphp/serviceprovider_enabled_groups.json

But the file owner should be samlcgi.

As it is unclear how the permissions changed, as a first fix we could check and fix the permissions in the listener when the file is updated.
The listener already sets the permissions at each file update though:

saml/univention-saml/listener/univention-saml-groups.py

    with open(tmp_path, 'w+') as outfile:
        json.dump(data, outfile)
        os.chmod(tmp_path, 0600)
        os.chown(tmp_path, uid, gid)
    shutil.move(tmp_path, path)
(In reply to Julia Bremer from comment #1)
> The listener already sets the permissions at each file update though:

That's great, I did not check the code before creating the bug. That means a simple workaround other than fixing the file ownership via CLI is to simply modify any groups saml settings.
*** This bug has been marked as a duplicate of bug 51608 ***
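The check proposed in the description, as an added example that is not part of the bug thread or of the univention-saml listener. It shows why mode 0600 with owner root and group samlcgi locks out the samlcgi user, and reports drift from the expected owner, group and mode. The function names are hypothetical, and the expected group `samlcgi` and mode 0600 are assumptions taken from the `ls` output and the listener snippet above.

```python
import os
import stat


def can_read(file_uid, file_gid, mode, uid, gids):
    """POSIX applies exactly one permission class: owner, else group, else other.

    Assumption: plain mode bits only (no ACLs) and a non-root reader.
    """
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit(path, want_uid, want_gid, want_mode=0o600):
    """Compare a file with the owner, group and mode the service needs.

    Returns a list of findings; an empty list means no drift.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != want_uid:
        findings.append("owner uid is %d, expected %d" % (st.st_uid, want_uid))
    if st.st_gid != want_gid:
        findings.append("group gid is %d, expected %d" % (st.st_gid, want_gid))
    if mode != want_mode:
        findings.append("mode is %04o, expected %04o" % (mode, want_mode))
    if not can_read(st.st_uid, st.st_gid, mode, want_uid, {want_gid}):
        findings.append("service user cannot read the file")
    return findings


def repair(path, want_uid, want_gid, want_mode=0o600):
    """Restore ownership and mode; changing the owner requires root."""
    os.chown(path, want_uid, want_gid)
    os.chmod(path, want_mode)


if __name__ == "__main__":
    import grp
    import pwd

    path = "/etc/simplesamlphp/serviceprovider_enabled_groups.json"
    uid = pwd.getpwnam("samlcgi").pw_uid
    gid = grp.getgrnam("samlcgi").gr_gid  # assumed expected group
    for finding in audit(path, uid, gid):
        print(finding)
```

With the reported state (root:samlcgi, 0600) the group class applies to samlcgi, and its read bit is clear, which matches the "Permission denied" in the log.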