diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-09-06 08:39:24 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-09-07 13:03:09 +0200 |
commit | f2fd7588e4efea1ad41a60930ca969802fb9ca42 (patch) | |
tree | 16047693187e42124e527eab5aa026f6c28fc92a /ipaserver/install/dsinstance.py | |
parent | 6f95ff8a4b87dbc1d5d49c5c7b8c8825ddf284f4 (diff) | |
download | freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.gz freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.xz freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.zip |
Fix permissions in installers
Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.
https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 09ef8c525..8ccb22cf0 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -356,13 +356,14 @@ class DsInstance(service.Service): self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) logging.debug(base_txt) - old_umask = os.umask(022) # must be readable for dirsrv - try: - base_fd = open("/var/lib/dirsrv/boot.ldif", "w") - base_fd.write(base_txt) - base_fd.close() - finally: - os.umask(old_umask) + + target_fname = '/var/lib/dirsrv/boot.ldif' + base_fd = open(target_fname, "w") + base_fd.write(base_txt) + base_fd.close() + + # Must be readable for dirsrv + os.chmod(target_fname, 0440) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) logging.debug("writing inf template") |