diff options
author | Rob Crittenden <rcritten@redhat.com> | 2008-04-28 15:28:13 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-30 09:44:48 -0400 |
commit | 274eb708c28abf25087c3656ec93370c2000efd3 (patch) | |
tree | 8b7bde0d3b14ebfcbab0b6aa55e44799630e5d54 /ipa-server | |
parent | 306d8241b3c635fe9d0c9a92166066463dda1b8c (diff) | |
download | freeipa-274eb708c28abf25087c3656ec93370c2000efd3.tar.gz freeipa-274eb708c28abf25087c3656ec93370c2000efd3.tar.xz freeipa-274eb708c28abf25087c3656ec93370c2000efd3.zip |
Fix ownership of the Apache NSS cert and key databases.
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/ipaserver/httpinstance.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py index a55cf2554..c5f8b50f5 100644 --- a/ipa-server/ipaserver/httpinstance.py +++ b/ipa-server/ipaserver/httpinstance.py @@ -160,6 +160,16 @@ class HTTPInstance(service.Service): ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca) ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca) + # Fix the database permissions + os.chmod(NSS_DIR + "/cert8.db", 0640) + os.chmod(NSS_DIR + "/key3.db", 0640) + os.chmod(NSS_DIR + "/secmod.db", 0640) + + pent = pwd.getpwnam("apache") + os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid ) + os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid ) + os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid ) + def __setup_autoconfig(self): prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict) prefs_fd = open("/usr/share/ipa/html/preferences.html", "w") |