author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-17 03:46:30 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-17 03:46:30 +0000 |
commit | 4ad7f77b5cfe617884d5058f68723b5b998698a6 (patch) | |
tree | 80eab66fd737141383fdc449921e45b7646ac025 /pki | |
parent | 03b6fed03047d24d7d31343f3143b7407b796454 (diff) | |
Bugzilla Bug 620925 - CC: auditor needs to be able to download audit logs in the java subsystems
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1201 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rwxr-xr-x | pki/base/ca/shared/etc/init.d/pki-cad | 21 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/logging/LogFile.java | 4 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java | 4 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/util/Debug.java | 2 | ||||
-rwxr-xr-x | pki/base/kra/shared/etc/init.d/pki-krad | 21 | ||||
-rwxr-xr-x | pki/base/ocsp/shared/etc/init.d/pki-ocspd | 21 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/wizard.pm | 2 | ||||
-rwxr-xr-x | pki/base/tks/shared/etc/init.d/pki-tksd | 21 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/wizard.pm | 2 | ||||
-rw-r--r-- | pki/base/tps/src/main/LogFile.cpp | 2 | ||||
-rw-r--r-- | pki/base/tps/src/main/RollingLogFile.cpp | 2 |
11 files changed, 93 insertions, 9 deletions
diff --git a/pki/base/ca/shared/etc/init.d/pki-cad b/pki/base/ca/shared/etc/init.d/pki-cad index fe7386866..f26e89045 100755 --- a/pki/base/ca/shared/etc/init.d/pki-cad +++ b/pki/base/ca/shared/etc/init.d/pki-cad @@ -1385,6 +1385,27 @@ start_instance() PKI_SECURE_PORT="<Port Undefined>" fi + # Set permissions of log files + pki_logs_directory=${PKI_INSTANCE_PATH}/logs + pki_signedAudit="${pki_logs_directory}/signedAudit" + for file in ${pki_logs_directory}/*; do + if [ ! -d "${file}" ]; then + chmod 00640 ${file} + chgrp $TOMCAT_GROUP ${file} + chown $TOMCAT_USER ${file} + fi + done + + # Set permissions of signedAudit log files + # do not set the group id, this will be set by the sgid on the directory + pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l` + if [ ${pki_signedAudit_files} -gt 0 ]; then + for file in ${pki_signedAudit}/*; do + chmod 00640 ${file} + chown $TOMCAT_USER ${file} + done + fi + # ignore "status" return codes echo display_instance_status diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java index b5239a8fa..cf2ae1b9f 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java @@ -486,7 +486,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { if( !Utils.isNT() ) { // Always insure that a physical file exists! Utils.exec( "touch " + mFileName ); - Utils.exec( "chmod 00660 " + mFileName ); + Utils.exec( "chmod 00640 " + mFileName ); } mFile = new File(mFileName); mBufferSize = bufferSize; @@ -729,7 +729,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { mBytesWritten = (int) out.length(); if( !Utils.isNT() ) { try { - Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() ); + Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() ); } catch( IOException e ) { CMS.debug( "Unable to change file permissions on " + mFile.toString() ); 
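Review bot: The two loops added to start_instance() in pki-cad call `chmod`, `chgrp` and `chown` on every non-directory entry under `${PKI_INSTANCE_PATH}/logs`, and all three commands follow symbolic links. If the init script runs as root and the service account can write to that directory (neither is visible in this hunk), a link left there would have its target re-owned to `$TOMCAT_USER` at the next start. `${file}` is also unquoted, and the signedAudit loop has no directory test at all. Limiting both loops to regular files that are not links and quoting the expansions, as below, narrows this, though a short window between the test and the change remains. The same block is added to pki-krad, pki-ocspd and pki-tksd, and start_instance() begins and ends outside the hunk.

```shell
    for file in "${pki_logs_directory}"/*; do
        # regular files only: -f follows links, so exclude them explicitly
        if [ -f "${file}" ] && [ ! -L "${file}" ]; then
            chmod 00640 "${file}"
            chgrp "$TOMCAT_GROUP" "${file}"
            chown "$TOMCAT_USER" "${file}"
        fi
    done
    # … unchanged: signedAudit file count and its -gt 0 test …
        for file in "${pki_signedAudit}"/*; do
            if [ -f "${file}" ] && [ ! -L "${file}" ]; then
                chmod 00640 "${file}"
                chown "$TOMCAT_USER" "${file}"
            fi
        done
```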
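Review bot: In the first LogFile.java hunk the result of `Utils.exec( "chmod 00640 " + mFileName )` is discarded, so a failed chmod leaves the new log at whatever mode `touch` gave it under the process umask, and nothing is logged. The command is also built by concatenating the path, so depending on how Utils.exec splits its argument (not visible here) a path containing whitespace may not reach chmod intact. I would check the outcome of the call and emit a `CMS.debug` line on failure, and add a comment such as `// 0640: owner read/write, group read-only, no access for others` next to the mode. The same pattern appears in the second LogFile.java hunk, in both RollingLogFile.java hunks and in Debug.java; the enclosing methods all start and end outside the hunks.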
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java index 964225181..97dbadf3d 100644 --- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java @@ -234,7 +234,7 @@ public class RollingLogFile extends LogFile { // Make certain that the backup file has // the correct permissions. if( !Utils.isNT() ) { - Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() ); + Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() ); } try { @@ -246,7 +246,7 @@ public class RollingLogFile extends LogFile { // Make certain that the original file retains // the correct permissions. if( !Utils.isNT() ) { - Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() ); + Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() ); } } catch ( FileNotFoundException e ) { CMS.debug( "Unable to zeroize " diff --git a/pki/base/common/src/com/netscape/cmscore/util/Debug.java b/pki/base/common/src/com/netscape/cmscore/util/Debug.java index 5edc44621..b9b794e9c 100644 --- a/pki/base/common/src/com/netscape/cmscore/util/Debug.java +++ b/pki/base/common/src/com/netscape/cmscore/util/Debug.java @@ -317,7 +317,7 @@ public class Debug if( !Utils.isNT() ) { // Always insure that a physical file exists! Utils.exec( "touch " + filename ); - Utils.exec( "chmod 00660 " + filename ); + Utils.exec( "chmod 00640 " + filename ); } OutputStream os = new FileOutputStream(filename, append); mOut = new PrintStream(os, true); /* true == autoflush */ diff --git a/pki/base/kra/shared/etc/init.d/pki-krad b/pki/base/kra/shared/etc/init.d/pki-krad index 8658b5af9..5a3b9be9b 100755 --- a/pki/base/kra/shared/etc/init.d/pki-krad +++ b/pki/base/kra/shared/etc/init.d/pki-krad 
@@ -1383,6 +1383,27 @@ start_instance() PKI_SECURE_PORT="<Port Undefined>" fi + # Set permissions of log files + pki_logs_directory=${PKI_INSTANCE_PATH}/logs + pki_signedAudit="${pki_logs_directory}/signedAudit" + for file in ${pki_logs_directory}/*; do + if [ ! -d "${file}" ]; then + chmod 00640 ${file} + chgrp $TOMCAT_GROUP ${file} + chown $TOMCAT_USER ${file} + fi + done + + # Set permissions of signedAudit log files + # do not set the group id, this will be set by the sgid on the directory + pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l` + if [ ${pki_signedAudit_files} -gt 0 ]; then + for file in ${pki_signedAudit}/*; do + chmod 00640 ${file} + chown $TOMCAT_USER ${file} + done + fi + # ignore "status" return codes echo display_instance_status diff --git a/pki/base/ocsp/shared/etc/init.d/pki-ocspd b/pki/base/ocsp/shared/etc/init.d/pki-ocspd index 0c3e1c258..70520dc30 100755 --- a/pki/base/ocsp/shared/etc/init.d/pki-ocspd +++ b/pki/base/ocsp/shared/etc/init.d/pki-ocspd @@ -1383,6 +1383,27 @@ start_instance() PKI_SECURE_PORT="<Port Undefined>" fi + # Set permissions of log files + pki_logs_directory=${PKI_INSTANCE_PATH}/logs + pki_signedAudit="${pki_logs_directory}/signedAudit" + for file in ${pki_logs_directory}/*; do + if [ ! -d "${file}" ]; then + chmod 00640 ${file} + chgrp $TOMCAT_GROUP ${file} + chown $TOMCAT_USER ${file} + fi + done + + # Set permissions of signedAudit log files + # do not set the group id, this will be set by the sgid on the directory + pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l` + if [ ${pki_signedAudit_files} -gt 0 ]; then + for file in ${pki_signedAudit}/*; do + chmod 00640 ${file} + chown $TOMCAT_USER ${file} + done + fi + # ignore "status" return codes echo display_instance_status diff --git a/pki/base/ra/lib/perl/PKI/RA/wizard.pm b/pki/base/ra/lib/perl/PKI/RA/wizard.pm index ecfe6dd3c..f7b43e80d 100755 --- a/pki/base/ra/lib/perl/PKI/RA/wizard.pm +++ b/pki/base/ra/lib/perl/PKI/RA/wizard.pm 
@@ -107,7 +107,7 @@ if( $^O ne "linux" ) { # create cfg debug log my $logfile = $config->get("service.instanceDir") . "/logs/debug"; system( "touch $logfile" ); -system( "chmod 00660 $logfile" ); +system( "chmod 00640 $logfile" ); open( DEBUG, ">>" . $logfile ) || warn( "Could not open '" . $logfile . "': $!" ); diff --git a/pki/base/tks/shared/etc/init.d/pki-tksd b/pki/base/tks/shared/etc/init.d/pki-tksd index b12d47e16..7d6bb99a5 100755 --- a/pki/base/tks/shared/etc/init.d/pki-tksd +++ b/pki/base/tks/shared/etc/init.d/pki-tksd @@ -1383,6 +1383,27 @@ start_instance() PKI_SECURE_PORT="<Port Undefined>" fi + # Set permissions of log files + pki_logs_directory=${PKI_INSTANCE_PATH}/logs + pki_signedAudit="${pki_logs_directory}/signedAudit" + for file in ${pki_logs_directory}/*; do + if [ ! -d "${file}" ]; then + chmod 00640 ${file} + chgrp $TOMCAT_GROUP ${file} + chown $TOMCAT_USER ${file} + fi + done + + # Set permissions of signedAudit log files + # do not set the group id, this will be set by the sgid on the directory + pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l` + if [ ${pki_signedAudit_files} -gt 0 ]; then + for file in ${pki_signedAudit}/*; do + chmod 00640 ${file} + chown $TOMCAT_USER ${file} + done + fi + # ignore "status" return codes echo display_instance_status diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm index 328820e63..5b2035f73 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm @@ -108,7 +108,7 @@ if( $^O ne "linux" ) { # create cfg debug log my $logfile = $config->get("service.instanceDir") . "/logs/debug"; system( "touch $logfile" ); -system( "chmod 00660 $logfile" ); +system( "chmod 00640 $logfile" ); open( DEBUG, ">>" . $logfile ) || warn( "Could not open '" . $logfile . "': $!" ); diff --git a/pki/base/tps/src/main/LogFile.cpp b/pki/base/tps/src/main/LogFile.cpp index 6bd3f056a..aa883eeaa 100644 --- a/pki/base/tps/src/main/LogFile.cpp 
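Review bot: `system( "chmod 00640 $logfile" )` in PKI/RA/wizard.pm passes a single interpolated string, which Perl hands to a shell whenever it contains metacharacters, and `$logfile` is built from the `service.instanceDir` configuration value. The return value is also ignored, so a failed chmod goes unnoticed. Perl's builtin avoids both the shell and the extra process: `chmod( 0640, $logfile ) || warn( "Could not set mode on '" . $logfile . "': $!" );`. The same line is changed in pki/base/tps/lib/perl/PKI/TPS/wizard.pm.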
+++ b/pki/base/tps/src/main/LogFile.cpp @@ -125,7 +125,7 @@ int LogFile::open() PRFileInfo info; PR_EnterMonitor(m_monitor); if (m_fd == NULL) { - m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 440|220); + m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 440|200); if (m_fd == NULL) { m_ctx->LogError( "LogFile::open", __LINE__, diff --git a/pki/base/tps/src/main/RollingLogFile.cpp b/pki/base/tps/src/main/RollingLogFile.cpp index 378b6729e..dd8f2dba1 100644 --- a/pki/base/tps/src/main/RollingLogFile.cpp +++ b/pki/base/tps/src/main/RollingLogFile.cpp @@ -212,7 +212,7 @@ void RollingLogFile::rotate() { } /* open the new file */ - m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 440|220); + m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 440|200); set_bytes_written(0); if (m_fd == NULL) { m_ctx->LogError( "RollingLogFile::rotate", |
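Review bot: The mode argument `440|200` in LogFile::open() is written in decimal, not octal, so PR_Open receives 504, which is 0770, rather than the 0640 the rest of this commit sets. Group write and execute therefore stay requested unless the umask clears them. An octal literal gives the intended mode: `m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 0640);`. RollingLogFile::rotate() in RollingLogFile.cpp carries the same literal with PR_TRUNCATE. Both function bodies continue outside the hunks.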