diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-08-30 16:32:40 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-09-07 13:02:43 +0200 |
commit | d0ce604b4d69d7f6fa5e0bb81647f839abd6291d (patch) | |
tree | e26f64ecdf6335410fe588eb8601a522943aeed8 /ipaserver/install/krbinstance.py | |
parent | 95beb84464b59813c050aa87fb39aea5a0bf6c39 (diff) | |
download | freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.gz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.xz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.zip |
Fix permissions in installers
Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.
https://fedorahosted.org/freeipa/ticket/1644
Diffstat (limited to 'ipaserver/install/krbinstance.py')
-rw-r--r-- | ipaserver/install/krbinstance.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 8f2cf2c05..dcf10a7cd 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -282,13 +282,15 @@ class KrbInstance(service.Service): def __add_default_acis(self): self._ldap_mod("default-aci.ldif", self.sub_dict) - def __template_file(self, path): + def __template_file(self, path, chmod=0644): template = os.path.join(ipautil.SHARE_DIR, os.path.basename(path) + ".template") conf = ipautil.template_file(template, self.sub_dict) self.fstore.backup_file(path) fd = open(path, "w+") fd.write(conf) fd.close() + if chmod is not None: + os.chmod(path, chmod) def __init_ipa_kdb(self): #populate the directory with the realm structure @@ -301,7 +303,7 @@ class KrbInstance(service.Service): print "Failed to initialize the realm container" def __configure_instance(self): - self.__template_file("/var/kerberos/krb5kdc/kdc.conf") + self.__template_file("/var/kerberos/krb5kdc/kdc.conf", chmod=None) self.__template_file("/etc/krb5.conf") self.__template_file("/usr/share/ipa/html/krb5.ini") self.__template_file("/usr/share/ipa/html/krb.con") |