From d0ce604b4d69d7f6fa5e0bb81647f839abd6291d Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Tue, 30 Aug 2011 16:32:40 +0200
Subject: Fix permissions in installers

Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.

https://fedorahosted.org/freeipa/ticket/1644
---
 ipaserver/install/dsinstance.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'ipaserver/install/dsinstance.py')

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index fdbddb0ee..2b996b5c8 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -356,13 +356,14 @@ class DsInstance(service.Service):
         self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
         base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
         logging.debug(base_txt)
-        old_umask = os.umask(022)   # must be readable for dirsrv
-        try:
-            base_fd = open("/var/lib/dirsrv/boot.ldif", "w")
-            base_fd.write(base_txt)
-            base_fd.close()
-        finally:
-            os.umask(old_umask)
+
+        target_fname = '/var/lib/dirsrv/boot.ldif'
+        base_fd = open(target_fname, "w")
+        base_fd.write(base_txt)
+        base_fd.close()
+
+        # Must be readable for dirsrv
+        os.chmod(target_fname, 0440)
 
         inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
         logging.debug("writing inf template")
-- 
cgit