From d0ce604b4d69d7f6fa5e0bb81647f839abd6291d Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 30 Aug 2011 16:32:40 +0200 Subject: Fix permissions in installers Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644 --- ipaserver/install/krbinstance.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'ipaserver/install/krbinstance.py') diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 8f2cf2c05..dcf10a7cd 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -282,13 +282,15 @@ class KrbInstance(service.Service): def __add_default_acis(self): self._ldap_mod("default-aci.ldif", self.sub_dict) - def __template_file(self, path): + def __template_file(self, path, chmod=0644): template = os.path.join(ipautil.SHARE_DIR, os.path.basename(path) + ".template") conf = ipautil.template_file(template, self.sub_dict) self.fstore.backup_file(path) fd = open(path, "w+") fd.write(conf) fd.close() + if chmod is not None: + os.chmod(path, chmod) def __init_ipa_kdb(self): #populate the directory with the realm structure @@ -301,7 +303,7 @@ class KrbInstance(service.Service): print "Failed to initialize the realm container" def __configure_instance(self): - self.__template_file("/var/kerberos/krb5kdc/kdc.conf") + self.__template_file("/var/kerberos/krb5kdc/kdc.conf", chmod=None) self.__template_file("/etc/krb5.conf") self.__template_file("/usr/share/ipa/html/krb5.ini") self.__template_file("/usr/share/ipa/html/krb.con") -- cgit