summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/bindinstance.py2
-rw-r--r--ipaserver/install/cainstance.py10
-rw-r--r--ipaserver/install/certs.py4
-rw-r--r--ipaserver/install/dnskeysyncinstance.py18
-rw-r--r--ipaserver/install/dsinstance.py6
-rw-r--r--ipaserver/install/httpinstance.py22
-rw-r--r--ipaserver/install/ipa_backup.py8
-rw-r--r--ipaserver/install/ipa_replica_prepare.py4
-rw-r--r--ipaserver/install/ipa_restore.py14
-rw-r--r--ipaserver/install/ipa_server_certinstall.py6
-rw-r--r--ipaserver/install/krbinstance.py4
-rw-r--r--ipaserver/install/odsexporterinstance.py2
-rw-r--r--ipaserver/install/opendnssecinstance.py16
-rw-r--r--ipaserver/install/server/install.py6
-rw-r--r--ipaserver/install/server/replicainstall.py4
-rw-r--r--ipaserver/install/server/upgrade.py2
16 files changed, 64 insertions, 64 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 9705e845a..6d3470373 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -922,7 +922,7 @@ class BindInstance(service.Service):
# Make sure access is strictly reserved to the named user
pent = pwd.getpwnam(self.named_user)
os.chown(paths.NAMED_KEYTAB, pent.pw_uid, pent.pw_gid)
- os.chmod(paths.NAMED_KEYTAB, 0400)
+ os.chmod(paths.NAMED_KEYTAB, 0o400)
# modify the principal so that it is marked as an ipa service so that
# it can host the memberof attribute, then also add it to the
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5fd3017e1..c1fa1fc27 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1090,9 +1090,9 @@ class CAInstance(DogtagInstance):
raise RuntimeError("Unable to submit RA cert request")
def fix_ra_perms(self):
- os.chmod(self.ra_agent_db + "/cert8.db", 0640)
- os.chmod(self.ra_agent_db + "/key3.db", 0640)
- os.chmod(self.ra_agent_db + "/secmod.db", 0640)
+ os.chmod(self.ra_agent_db + "/cert8.db", 0o640)
+ os.chmod(self.ra_agent_db + "/key3.db", 0o640)
+ os.chmod(self.ra_agent_db + "/secmod.db", 0o640)
pent = pwd.getpwnam("apache")
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
@@ -1116,7 +1116,7 @@ class CAInstance(DogtagInstance):
if not os.path.exists(publishdir):
os.mkdir(publishdir)
- os.chmod(publishdir, 0775)
+ os.chmod(publishdir, 0o775)
pent = pwd.getpwnam(PKI_USER)
os.chown(publishdir, 0, pent.pw_gid)
@@ -1252,7 +1252,7 @@ class CAInstance(DogtagInstance):
fd = open(location, "w+")
fd.write(cert)
fd.close()
- os.chmod(location, 0444)
+ os.chmod(location, 0o444)
def configure_certmonger_renewal(self):
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 564332e6f..e8084950e 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -293,7 +293,7 @@ class CertDB(object):
/usr/lib[64]/ipa/certmonger.
"""
if command is not None and not os.path.isabs(command):
- if sys.maxsize > 2**32L:
+ if sys.maxsize > 2**32:
libpath = 'lib64'
else:
libpath = 'lib'
@@ -647,7 +647,7 @@ class CertDB(object):
def publish_ca_cert(self, location):
shutil.copy(self.cacert_fname, location)
- os.chmod(location, 0444)
+ os.chmod(location, 0o444)
def export_pem_cert(self, nickname, location):
return self.nssdb.export_pem_cert(nickname, location)
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 7d1351ccc..f593b7134 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -89,9 +89,9 @@ class DNSKeySyncInstance(service.Service):
self.named_gid = self.__get_named_gid()
if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
- os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0770)
+ os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
# dnssec daemons require to have access into the directory
- os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0770)
+ os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
os.chown(paths.BIND_LDAP_DNS_IPA_WORKDIR, self.named_uid,
self.named_gid)
@@ -200,7 +200,7 @@ class DNSKeySyncInstance(service.Service):
# create dnssec directory
if not os.path.exists(paths.IPA_DNSSEC_DIR):
self.logger.debug("Creating %s directory", paths.IPA_DNSSEC_DIR)
- os.mkdir(paths.IPA_DNSSEC_DIR, 0770)
+ os.mkdir(paths.IPA_DNSSEC_DIR, 0o770)
# chown ods:named
os.chown(paths.IPA_DNSSEC_DIR, self.ods_uid, self.named_gid)
@@ -245,7 +245,7 @@ class DNSKeySyncInstance(service.Service):
paths.DNSSEC_TOKENS_DIR)
# sticky bit is required by daemon
os.mkdir(paths.DNSSEC_TOKENS_DIR)
- os.chmod(paths.DNSSEC_TOKENS_DIR, 0770 | stat.S_ISGID)
+ os.chmod(paths.DNSSEC_TOKENS_DIR, 0o770 | stat.S_ISGID)
# chown to ods:named
os.chown(paths.DNSSEC_TOKENS_DIR, self.ods_uid, self.named_gid)
@@ -261,7 +261,7 @@ class DNSKeySyncInstance(service.Service):
named_fd.truncate(0)
named_fd.write(pin)
named_fd.close()
- os.chmod(paths.DNSSEC_SOFTHSM_PIN, 0770)
+ os.chmod(paths.DNSSEC_SOFTHSM_PIN, 0o770)
# chown to ods:named
os.chown(paths.DNSSEC_SOFTHSM_PIN, self.ods_uid, self.named_gid)
@@ -272,7 +272,7 @@ class DNSKeySyncInstance(service.Service):
named_fd.write(pin_so)
named_fd.close()
# owner must be root
- os.chmod(paths.DNSSEC_SOFTHSM_PIN_SO, 0400)
+ os.chmod(paths.DNSSEC_SOFTHSM_PIN_SO, 0o400)
# initialize SoftHSM
@@ -398,12 +398,12 @@ class DNSKeySyncInstance(service.Service):
for (root, dirs, files) in os.walk(paths.DNSSEC_TOKENS_DIR):
for directory in dirs:
dir_path = os.path.join(root, directory)
- os.chmod(dir_path, 0770 | stat.S_ISGID)
+ os.chmod(dir_path, 0o770 | stat.S_ISGID)
# chown to ods:named
os.chown(dir_path, self.ods_uid, self.named_gid)
for filename in files:
file_path = os.path.join(root, filename)
- os.chmod(file_path, 0770 | stat.S_ISGID)
+ os.chmod(file_path, 0o770 | stat.S_ISGID)
# chown to ods:named
os.chown(file_path, self.ods_uid, self.named_gid)
@@ -432,7 +432,7 @@ class DNSKeySyncInstance(service.Service):
# Make sure access is strictly reserved to the named user
os.chown(paths.IPA_DNSKEYSYNCD_KEYTAB, 0, self.ods_gid)
- os.chmod(paths.IPA_DNSKEYSYNCD_KEYTAB, 0440)
+ os.chmod(paths.IPA_DNSKEYSYNCD_KEYTAB, 0o440)
dns_group = DN(('cn', 'DNS Servers'), ('cn', 'privileges'),
('cn', 'pbac'), self.suffix)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index d561ca5b6..f7360f5b4 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -425,7 +425,7 @@ class DsInstance(service.Service):
base_fd.close()
# Must be readable for dirsrv
- os.chmod(target_fname, 0440)
+ os.chmod(target_fname, 0o440)
os.chown(target_fname, pent.pw_uid, pent.pw_gid)
inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
@@ -463,7 +463,7 @@ class DsInstance(service.Service):
for schema_fname in IPA_SCHEMA_FILES:
target_fname = schema_dirname(self.serverid) + schema_fname
shutil.copyfile(ipautil.SHARE_DIR + schema_fname, target_fname)
- os.chmod(target_fname, 0440) # read access for dirsrv user/group
+ os.chmod(target_fname, 0o440) # read access for dirsrv user/group
os.chown(target_fname, pent.pw_uid, pent.pw_gid)
try:
@@ -472,7 +472,7 @@ class DsInstance(service.Service):
target_fname = schema_dirname(self.serverid) + "05rfc2247.ldif"
shutil.copyfile(ipautil.SHARE_DIR + "05rfc2247.ldif", target_fname)
- os.chmod(target_fname, 0440)
+ os.chmod(target_fname, 0o440)
os.chown(target_fname, pent.pw_uid, pent.pw_gid)
except IOError:
# Does not apply with newer DS releases
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 792825621..7dcdda03d 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -186,7 +186,7 @@ class HTTPInstance(service.Service):
http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
target_fname = paths.HTTPD_IPA_REWRITE_CONF
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
@@ -194,7 +194,7 @@ class HTTPInstance(service.Service):
http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
def change_mod_nss_port_from_http(self):
# mod_ssl enforces SSLEngine on for vhost on 443 even though
@@ -301,10 +301,10 @@ class HTTPInstance(service.Service):
db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)
# Fix the database permissions
- os.chmod(certs.NSS_DIR + "/cert8.db", 0660)
- os.chmod(certs.NSS_DIR + "/key3.db", 0660)
- os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
- os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
+ os.chmod(certs.NSS_DIR + "/cert8.db", 0o660)
+ os.chmod(certs.NSS_DIR + "/key3.db", 0o660)
+ os.chmod(certs.NSS_DIR + "/secmod.db", 0o660)
+ os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0o660)
pent = pwd.getpwnam("apache")
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
@@ -325,7 +325,7 @@ class HTTPInstance(service.Service):
ipautil.copy_template_file(
ipautil.SHARE_DIR + "preferences.html.template",
target_fname, self.sub_dict)
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
# The signing cert is generated in __setup_ssl
db = certs.CertDB(self.realm, subject_base=self.subject_base)
@@ -342,7 +342,7 @@ class HTTPInstance(service.Service):
"-e", ".html", "-p", pwd,
tmpdir])
shutil.rmtree(tmpdir)
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
else:
root_logger.warning('Object-signing certificate was not found; '
'therefore, configure.jar was not created.')
@@ -361,7 +361,7 @@ class HTTPInstance(service.Service):
ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
target_fname, sub_dict)
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
# Setup extension
tmpdir = tempfile.mkdtemp(prefix="tmp-")
@@ -380,7 +380,7 @@ class HTTPInstance(service.Service):
ipautil.run([paths.ZIP, '-r', target_fname] + filenames,
cwd=extdir)
shutil.rmtree(tmpdir)
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
def __publish_ca_cert(self):
ca_db = certs.CertDB(self.realm)
@@ -441,7 +441,7 @@ class HTTPInstance(service.Service):
self.fstore.backup_file(target_fname)
with open(target_fname, 'w') as f:
f.write(http_txt)
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
def uninstall(self):
if self.is_configured():
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index f7e032ae5..685c618d8 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -263,9 +263,9 @@ class Backup(admintool.AdminTool):
self.top_dir = tempfile.mkdtemp("ipa")
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
- os.chmod(self.top_dir, 0750)
+ os.chmod(self.top_dir, 0o750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0750)
+ os.mkdir(self.dir, 0o750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
@@ -554,7 +554,7 @@ class Backup(admintool.AdminTool):
backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
filename = os.path.join(backup_dir, "ipa-full.tar")
- os.mkdir(backup_dir, 0700)
+ os.mkdir(backup_dir, 0o700)
cwd = os.getcwd()
os.chdir(self.dir)
@@ -585,7 +585,7 @@ class Backup(admintool.AdminTool):
if instance != 'PKI-IPA':
return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance)
else:
- if sys.maxsize > 2**32L:
+ if sys.maxsize > 2**32:
libpath = 'lib64'
else:
libpath = 'lib'
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 5246f5f54..55cdb8ad2 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -345,7 +345,7 @@ class ReplicaPrepare(admintool.AdminTool):
self.top_dir = tempfile.mkdtemp("ipa")
self.dir = os.path.join(self.top_dir, "realm_info")
- os.mkdir(self.dir, 0700)
+ os.mkdir(self.dir, 0o700)
try:
self.copy_ds_certificate()
@@ -475,7 +475,7 @@ class ReplicaPrepare(admintool.AdminTool):
ipautil.encrypt_file(
replicafile, encfile, self.dirman_password, self.top_dir)
- os.chmod(encfile, 0600)
+ os.chmod(encfile, 0o600)
installutils.remove_file(replicafile)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 528a6daf0..62b31c580 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -57,10 +57,10 @@ def recursive_chown(path, uid, gid):
for root, dirs, files in os.walk(path):
for dir in dirs:
os.chown(os.path.join(root, dir), uid, gid)
- os.chmod(os.path.join(root, dir), 0750)
+ os.chmod(os.path.join(root, dir), 0o750)
for file in files:
os.chown(os.path.join(root, file), uid, gid)
- os.chmod(os.path.join(root, file), 0640)
+ os.chmod(os.path.join(root, file), 0o640)
def decrypt_file(tmpdir, filename, keyring):
@@ -290,9 +290,9 @@ class Restore(admintool.AdminTool):
# Temporary directory for decrypting files before restoring
self.top_dir = tempfile.mkdtemp("ipa")
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
- os.chmod(self.top_dir, 0750)
+ os.chmod(self.top_dir, 0o750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0750)
+ os.mkdir(self.dir, 0o750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
@@ -512,7 +512,7 @@ class Restore(admintool.AdminTool):
if not os.path.exists(ldifdir):
pent = pwd.getpwnam(DS_USER)
- os.mkdir(ldifdir, 0770)
+ os.mkdir(ldifdir, 0o770)
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
ipautil.backup_file(ldiffile)
@@ -733,7 +733,7 @@ class Restore(admintool.AdminTool):
if instance != 'PKI-IPA':
return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance)
else:
- if sys.maxsize > 2**32L:
+ if sys.maxsize > 2**32:
libpath = 'lib64'
else:
libpath = 'lib'
@@ -770,7 +770,7 @@ class Restore(admintool.AdminTool):
for dir in dirs:
try:
self.log.debug('Creating %s' % dir)
- os.mkdir(dir, 0770)
+ os.mkdir(dir, 0o770)
os.chown(dir, pent.pw_uid, pent.pw_gid)
tasks.restore_context(dir)
except Exception, e:
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 2e3e34a5e..d1c3bfd9d 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -147,9 +147,9 @@ class ServerCertInstall(admintool.AdminTool):
'NSSNickname', server_cert)
# Fix the database permissions
- os.chmod(os.path.join(dirname, 'cert8.db'), 0640)
- os.chmod(os.path.join(dirname, 'key3.db'), 0640)
- os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
+ os.chmod(os.path.join(dirname, 'cert8.db'), 0o640)
+ os.chmod(os.path.join(dirname, 'key3.db'), 0o640)
+ os.chmod(os.path.join(dirname, 'secmod.db'), 0o640)
pent = pwd.getpwnam("apache")
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 648fc7601..b34d00601 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -317,7 +317,7 @@ class KrbInstance(service.Service):
def __add_default_acis(self):
self._ldap_mod("default-aci.ldif", self.sub_dict)
- def __template_file(self, path, chmod=0644):
+ def __template_file(self, path, chmod=0o644):
template = os.path.join(ipautil.SHARE_DIR, os.path.basename(path) + ".template")
conf = ipautil.template_file(template, self.sub_dict)
self.fstore.backup_file(path)
@@ -399,7 +399,7 @@ class KrbInstance(service.Service):
# Make sure access is strictly reserved to root only for now
os.chown(paths.KRB5_KEYTAB, 0, 0)
- os.chmod(paths.KRB5_KEYTAB, 0600)
+ os.chmod(paths.KRB5_KEYTAB, 0o600)
self.move_service_to_host(host_principal)
diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py
index c37095cfc..51b0f3efc 100644
--- a/ipaserver/install/odsexporterinstance.py
+++ b/ipaserver/install/odsexporterinstance.py
@@ -108,7 +108,7 @@ class ODSExporterInstance(service.Service):
dns_exporter_principal_dn = p
# Make sure access is strictly reserved to the ods user
- os.chmod(paths.IPA_ODS_EXPORTER_KEYTAB, 0440)
+ os.chmod(paths.IPA_ODS_EXPORTER_KEYTAB, 0o440)
os.chown(paths.IPA_ODS_EXPORTER_KEYTAB, 0, self.ods_gid)
dns_group = DN(('cn', 'DNS Servers'), ('cn', 'privileges'),
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 0f1af828e..a62fa667c 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -212,24 +212,24 @@ class OpenDNSSECInstance(service.Service):
for (root, dirs, files) in os.walk(paths.ETC_OPENDNSSEC_DIR):
for directory in dirs:
dir_path = os.path.join(root, directory)
- os.chmod(dir_path, 0770)
+ os.chmod(dir_path, 0o770)
# chown to root:ods
os.chown(dir_path, 0, self.ods_gid)
for filename in files:
file_path = os.path.join(root, filename)
- os.chmod(file_path, 0660)
+ os.chmod(file_path, 0o660)
# chown to root:ods
os.chown(file_path, 0, self.ods_gid)
for (root, dirs, files) in os.walk(paths.VAR_OPENDNSSEC_DIR):
for directory in dirs:
dir_path = os.path.join(root, directory)
- os.chmod(dir_path, 0770)
+ os.chmod(dir_path, 0o770)
# chown to ods:ods
os.chown(dir_path, self.ods_uid, self.ods_gid)
for filename in files:
file_path = os.path.join(root, filename)
- os.chmod(file_path, 0660)
+ os.chmod(file_path, 0o660)
# chown to ods:ods
os.chown(file_path, self.ods_uid, self.ods_gid)
@@ -250,11 +250,11 @@ class OpenDNSSECInstance(service.Service):
for (root, dirs, files) in os.walk(paths.DNSSEC_TOKENS_DIR):
for directory in dirs:
dir_path = os.path.join(root, directory)
- os.chmod(dir_path, 0770 | stat.S_ISGID)
+ os.chmod(dir_path, 0o770 | stat.S_ISGID)
os.chown(dir_path, self.ods_uid, self.named_gid) # chown to ods:named
for filename in files:
file_path = os.path.join(root, filename)
- os.chmod(file_path, 0770 | stat.S_ISGID)
+ os.chmod(file_path, 0o770 | stat.S_ISGID)
os.chown(file_path, self.ods_uid, self.named_gid) # chown to ods:named
finally:
@@ -276,7 +276,7 @@ class OpenDNSSECInstance(service.Service):
# privileges
shutil.copy(self.kasp_db_file, paths.OPENDNSSEC_KASP_DB)
os.chown(paths.OPENDNSSEC_KASP_DB, self.ods_uid, self.ods_gid)
- os.chmod(paths.OPENDNSSEC_KASP_DB, 0660)
+ os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
# regenerate zonelist.xml
ods_enforcerd = services.knownservices.ods_enforcerd
@@ -287,7 +287,7 @@ class OpenDNSSECInstance(service.Service):
zonelistf.write(stdout)
os.chown(paths.OPENDNSSEC_ZONELIST_FILE,
self.ods_uid, self.ods_gid)
- os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0660)
+ os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660)
else:
# initialize new kasp.db
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index b9bf3f34b..015050aa7 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -580,7 +580,7 @@ def install_check(installer):
fd.close()
# Must be readable for everyone
- os.chmod(target_fname, 0644)
+ os.chmod(target_fname, 0o644)
system_hostname = get_fqdn()
if host_name != system_hostname:
@@ -770,7 +770,7 @@ def install(installer):
else:
# Put the CA cert where other instances expect it
x509.write_certificate(http_ca_cert, CACERT)
- os.chmod(CACERT, 0444)
+ os.chmod(CACERT, 0o444)
# we now need to enable ssl on the ds
ds.enable_ssl()
@@ -821,7 +821,7 @@ def install(installer):
# Export full CA chain
ca_db = certs.CertDB(realm_name)
- os.chmod(CACERT, 0644)
+ os.chmod(CACERT, 0o644)
ca_db.publish_ca_cert(CACERT)
set_subject_in_config(realm_name, dm_password,
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 1ad291a1e..a0ae53438 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -105,7 +105,7 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
certs = [c[0] for c in certs if c[2] is not False]
x509.write_certificate_list(certs, constants.CACERT)
- os.chmod(constants.CACERT, 0444)
+ os.chmod(constants.CACERT, 0o444)
except Exception, e:
print "error copying files: " + str(e)
sys.exit(1)
@@ -358,7 +358,7 @@ def install_check(installer):
# Create the management framework config file
# Note: We must do this before bootstraping and finalizing ipalib.api
- old_umask = os.umask(022) # must be readable for httpd
+ old_umask = os.umask(0o22) # must be readable for httpd
try:
fd = open(paths.IPA_DEFAULT_CONF, "w")
fd.write("[global]\n")
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index f295655dc..a342642b0 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -175,7 +175,7 @@ def check_certs():
if not os.path.exists(paths.CA_CRT):
ca_file = paths.ALIAS_CACERT_ASC
if os.path.exists(ca_file):
- old_umask = os.umask(022) # make sure its readable by httpd
+ old_umask = os.umask(0o22) # make sure its readable by httpd
try:
shutil.copyfile(ca_file, paths.CA_CRT)
finally:
generated by cgit (git 2.34.1) at 2024-04-30 23:05:54 +0000