summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/httpinstance.py
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-09-06 08:39:24 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-07 13:03:09 +0200
commitf2fd7588e4efea1ad41a60930ca969802fb9ca42 (patch)
tree16047693187e42124e527eab5aa026f6c28fc92a /ipaserver/install/httpinstance.py
parent6f95ff8a4b87dbc1d5d49c5c7b8c8825ddf284f4 (diff)
downloadfreeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.zip
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.gz
freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.xz
Fix permissions in installers
Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 04d1ed4..775d5a7 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -136,17 +136,21 @@ class HTTPInstance(service.Service):
os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
def __configure_http(self):
+ target_fname = '/etc/httpd/conf.d/ipa.conf'
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict)
self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf")
- http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
+ http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
+ os.chmod(target_fname, 0644)
+ target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf'
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf")
- http_fd = open("/etc/httpd/conf.d/ipa-rewrite.conf", "w")
+ http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
+ os.chmod(target_fname, 0644)
def __disable_mod_ssl(self):
if os.path.exists(SSL_CONF):
@@ -227,10 +231,12 @@ class HTTPInstance(service.Service):
os.chmod(certs.CA_SERIALNO, 0664)
def __setup_autoconfig(self):
+ target_fname = '/usr/share/ipa/html/preferences.html'
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
- prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
+ prefs_fd = open(target_fname, "w")
prefs_fd.write(prefs_txt)
prefs_fd.close()
+ os.chmod(target_fname, 0644)
# The signing cert is generated in __setup_ssl
db = certs.CertDB(self.realm, subject_base=self.subject_base)
@@ -240,12 +246,14 @@ class HTTPInstance(service.Service):
pwdfile.close()
tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ target_fname = '/usr/share/ipa/html/configure.jar'
shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
db.run_signtool(["-k", "Signing-Cert",
- "-Z", "/usr/share/ipa/html/configure.jar",
+ "-Z", target_fname,
"-e", ".html", "-p", pwd,
tmpdir])
shutil.rmtree(tmpdir)
+ os.chmod(target_fname, 0755) # everyone can execute the jar
def __publish_ca_cert(self):
ca_db = certs.CertDB(self.realm)