xtim
Thursday, August 14, 2008
 
sudo and DYLD_LIBRARY_PATH
I've installed the Shibboleth service provider modules on my MacBook under /opt/shibboleth-sp. This means that the shared libraries are under /opt/shibboleth-sp/lib, which isn't somewhere OS X expects to look for shared libraries.

That's a problem when you run Apache or shibd, which will both complain that they can't find what they need.

You can tell the OS where to find the libraries with

export DYLD_LIBRARY_PATH=/opt/shibboleth-sp/lib

before you attempt to run any of the apps, and you can even add it to your .bash_profile so it's always set. However, if you need to run one of these apps as root:

sudo /opt/apache2/bin/apachectl restart

you'll still see the errors about missing libraries.

I've been trying to find a way to set the library path for root, but because of the way sudo invokes the shell (non-login, non-interactive) there don't seem to be any suitable .profile-like scripts which will get read. If you actually log in as root:

sudo su -l

then your root .profile will certainly get read, but I don't want to log in as root every time I need to restart Apache.

There's an env_keep option in the sudoers file to keep existing environment variables for the subshell, but from what I can see in other discussions, setuid apps like sudo don't get the option to inherit anything related to dynamic library paths. I can see there would be a good reason for that.

So: current plan is to create a very small wrapper script which sets the DYLD_LIBRARY_PATH and invokes a supplied command, then use that through sudo.

T
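
One way to write the wrapper planned above, as an added example rather than the author's own script. Instead of running any supplied command (which would amount to unrestricted sudo), it runs only allow-listed commands, hardcodes the library path, and refuses to run if a non-root user could modify the library directory. The shibd path, the allow-list and the wrapper name with-shib-libs are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Intended to be the only command
# granted in sudoers, e.g. `sudo /usr/local/sbin/with-shib-libs <cmd> [args]`.
# LIB_DIR follows the post's layout; the shibd path and wrapper name are assumed.
LIB_DIR=/opt/shibboleth-sp/lib
ALLOWED="/opt/apache2/bin/apachectl /opt/shibboleth-sp/sbin/shibd"

# Succeed only if $1 is exactly one of the allow-listed absolute paths.
is_allowed() {
    for ok in $ALLOWED; do
        [ "$1" = "$ok" ] && return 0
    done
    return 1
}

# Succeed only if $1 is a real directory owned by uid $2 (default 0) and not
# writable by group or other, so nobody else can plant a library root will load.
dir_is_safe() {
    info=$(ls -ldn "$1" 2>/dev/null) || return 1
    mode=${info%% *}                                   # e.g. drwxr-xr-x
    owner=$(printf '%s\n' "$info" | awk '{print $3}')  # numeric uid
    case $mode in
        d????w*|d???????w*) return 1 ;;                # group- or world-writable
        d*) [ "$owner" = "${2:-0}" ] ;;
        *) return 1 ;;                                 # symlink or not a directory
    esac
}

run_with_libs() {
    [ "$#" -gt 0 ] || { echo "usage: with-shib-libs command [args]" >&2; return 64; }
    is_allowed "$1" || { echo "refusing: $1 is not allow-listed" >&2; return 1; }
    dir_is_safe "$LIB_DIR" 0 || { echo "refusing: $LIB_DIR fails owner/mode check" >&2; return 1; }
    DYLD_LIBRARY_PATH=$LIB_DIR    # fixed value, never inherited from the caller
    export DYLD_LIBRARY_PATH
    exec "$@"
}

# Run only when given a command, so the functions can also be checked on their own.
if [ "$#" -gt 0 ]; then run_with_libs "$@"; fi
```

Install the wrapper root-owned and mode 0755 in a root-owned directory, and name only the wrapper in sudoers. On macOS releases with System Integrity Protection, DYLD_* variables are purged again whenever a protected binary such as /bin/sh is launched, so the variable will not survive into a command that is itself a /bin/sh script.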