diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-09-06 08:39:24 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-09-07 13:03:09 +0200 |
| commit | f2fd7588e4efea1ad41a60930ca969802fb9ca42 (patch) | |
| tree | 16047693187e42124e527eab5aa026f6c28fc92a /ipaserver/install/httpinstance.py | |
| parent | 6f95ff8a4b87dbc1d5d49c5c7b8c8825ddf284f4 (diff) | |
| download | freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.gz freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.tar.xz freeipa-f2fd7588e4efea1ad41a60930ca969802fb9ca42.zip | |
Fix permissions in installers
Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.
https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/httpinstance.py')
| -rw-r--r-- | ipaserver/install/httpinstance.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 04d1ed402..775d5a781 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -136,17 +136,21 @@ class HTTPInstance(service.Service): os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid) def __configure_http(self): + target_fname = '/etc/httpd/conf.d/ipa.conf' http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict) self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf") - http_fd = open("/etc/httpd/conf.d/ipa.conf", "w") + http_fd = open(target_fname, "w") http_fd.write(http_txt) http_fd.close() + os.chmod(target_fname, 0644) + target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf' http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict) self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf") - http_fd = open("/etc/httpd/conf.d/ipa-rewrite.conf", "w") + http_fd = open(target_fname, "w") http_fd.write(http_txt) http_fd.close() + os.chmod(target_fname, 0644) def __disable_mod_ssl(self): if os.path.exists(SSL_CONF): @@ -227,10 +231,12 @@ class HTTPInstance(service.Service): os.chmod(certs.CA_SERIALNO, 0664) def __setup_autoconfig(self): + target_fname = '/usr/share/ipa/html/preferences.html' prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict) - prefs_fd = open("/usr/share/ipa/html/preferences.html", "w") + prefs_fd = open(target_fname, "w") prefs_fd.write(prefs_txt) prefs_fd.close() + os.chmod(target_fname, 0644) # The signing cert is generated in __setup_ssl db = certs.CertDB(self.realm, subject_base=self.subject_base) @@ -240,12 +246,14 @@ class HTTPInstance(service.Service): pwdfile.close() tmpdir = tempfile.mkdtemp(prefix = "tmp-") + target_fname = '/usr/share/ipa/html/configure.jar' shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir) db.run_signtool(["-k", "Signing-Cert", - "-Z", "/usr/share/ipa/html/configure.jar", + "-Z", target_fname, "-e", ".html", "-p", pwd, tmpdir]) shutil.rmtree(tmpdir) + os.chmod(target_fname, 0755) # everyone can execute the jar def __publish_ca_cert(self): ca_db = certs.CertDB(self.realm) |