summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-09-06 08:39:24 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-07 13:03:09 +0200
commitf2fd7588e4efea1ad41a60930ca969802fb9ca42 (patch)
tree16047693187e42124e527eab5aa026f6c28fc92a /ipaserver/install/dsinstance.py
parent6f95ff8a4b87dbc1d5d49c5c7b8c8825ddf284f4 (diff)
downloadfreeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.zip
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.gz
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.xz
Fix permissions in installers
Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py15
1 files changed, 8 insertions, 7 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 09ef8c5..8ccb22c 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -356,13 +356,14 @@ class DsInstance(service.Service):
self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
logging.debug(base_txt)
- old_umask = os.umask(022) # must be readable for dirsrv
- try:
- base_fd = open("/var/lib/dirsrv/boot.ldif", "w")
- base_fd.write(base_txt)
- base_fd.close()
- finally:
- os.umask(old_umask)
+
+ target_fname = '/var/lib/dirsrv/boot.ldif'
+ base_fd = open(target_fname, "w")
+ base_fd.write(base_txt)
+ base_fd.close()
+
+ # Must be readable for dirsrv
+ os.chmod(target_fname, 0440)
inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
logging.debug("writing inf template")