$> sudo chown -R root.root /opt/shibboleth-idp $> sudo chmod -R go=u-w /opt/shibboleth-idp/ $> sudo chown -R tomcat.tomcat /opt/shibboleth-idp/metadata $> sudo chown -R tomcat.tomcat /opt/shibboleth-idp/logs $> sudo chmod u=rw,g=r,o= /opt/shibboleth-idp/credentials/* $> sudo chgrp tomcat /opt/shibboleth-idp/credentials/*