From f2fd7588e4efea1ad41a60930ca969802fb9ca42 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 6 Sep 2011 08:39:24 +0200 Subject: Fix permissions in installers Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644 --- ipa-client/ipa-install/ipa-client-install | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'ipa-client/ipa-install/ipa-client-install') diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5f0c3c92a..890a9fb91 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -345,8 +345,10 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server): opts.append({'name':'global', 'type':'section', 'value':defopts}) opts.append({'name':'empty', 'type':'empty'}) - fstore.backup_file("/etc/ipa/default.conf") - ipaconf.newConf("/etc/ipa/default.conf", opts) + target_fname = '/etc/ipa/default.conf' + fstore.backup_file(target_fname) + ipaconf.newConf(target_fname, opts) + os.chmod(target_fname, 0644) return 0 @@ -519,7 +521,8 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, c logging.debug("Writing Kerberos configuration to %s:\n%s" % (filename, krbconf.dump(opts))) - krbconf.newConf(filename, opts); + krbconf.newConf(filename, opts) + os.chmod(filename, 0644) return 0 -- cgit