summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-09-06 08:39:24 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-07 13:03:09 +0200
commitf2fd7588e4efea1ad41a60930ca969802fb9ca42 (patch)
tree16047693187e42124e527eab5aa026f6c28fc92a /install
parent6f95ff8a4b87dbc1d5d49c5c7b8c8825ddf284f4 (diff)
downloadfreeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.gz
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.xz
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.zip
Fix permissions in installers
Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-server-install34
1 files changed, 17 insertions, 17 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cb51b1daf..0572d4f26 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -820,23 +820,23 @@ def main():
logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
# Create the management framework config file and finalize api
- old_umask = os.umask(022) # must be readable for httpd
- try:
- fd = open("/etc/ipa/default.conf", "w")
- fd.write("[global]\n")
- fd.write("host=" + host_name + "\n")
- fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
- fd.write("realm=" + realm_name + "\n")
- fd.write("domain=" + domain_name + "\n")
- fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
- fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
- fd.write("enable_ra=True\n")
- if not options.selfsign:
- fd.write("ra_plugin=dogtag\n")
- fd.write("mode=production\n")
- fd.close()
- finally:
- os.umask(old_umask)
+ target_fname = '/etc/ipa/default.conf'
+ fd = open(target_fname, "w")
+ fd.write("[global]\n")
+ fd.write("host=" + host_name + "\n")
+ fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
+ fd.write("realm=" + realm_name + "\n")
+ fd.write("domain=" + domain_name + "\n")
+ fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
+ fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
+ fd.write("enable_ra=True\n")
+ if not options.selfsign:
+ fd.write("ra_plugin=dogtag\n")
+ fd.write("mode=production\n")
+ fd.close()
+
+ # Must be readable for everyone
+ os.chmod(target_fname, 0644)
api.bootstrap(**cfg)
api.finalize()