diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-08-30 16:32:40 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-09-07 13:02:43 +0200 |
| commit | d0ce604b4d69d7f6fa5e0bb81647f839abd6291d (patch) | |
| tree | e26f64ecdf6335410fe588eb8601a522943aeed8 /ipaserver/install/dsinstance.py | |
| parent | 95beb84464b59813c050aa87fb39aea5a0bf6c39 (diff) | |
| download | freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.gz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.xz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.zip | |
Fix permissions in installers
Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.
https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/dsinstance.py')
| -rw-r--r-- | ipaserver/install/dsinstance.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index fdbddb0ee..2b996b5c8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -356,13 +356,14 @@ class DsInstance(service.Service): self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) logging.debug(base_txt) - old_umask = os.umask(022) # must be readable for dirsrv - try: - base_fd = open("/var/lib/dirsrv/boot.ldif", "w") - base_fd.write(base_txt) - base_fd.close() - finally: - os.umask(old_umask) + + target_fname = '/var/lib/dirsrv/boot.ldif' + base_fd = open(target_fname, "w") + base_fd.write(base_txt) + base_fd.close() + + # Must be readable for dirsrv + os.chmod(target_fname, 0440) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) logging.debug("writing inf template") |